Forum Thread: Sessions Hijaking with DNS Rebinding?

I'm not sure if this is out of the scope of the users here, as I never seem to get many detailed responses, however I have an idea regarding DNS rebinding. DNS rebinding allows one to bypass the Same Origin Policy and thus execute javascript on a site it doesn't belong to. My thinking was that if somebody could rebind to site like Facebook, and then execute javascript to dump cookies or do any other actions, we could create an automated hijaking script that would only require a click with little to no user interaction.

Thoughts? If any?
Pry0cc

1 Response

But you cant do that to facebook .. haha ;);)..

You can create It on your public ip and send someone the link masked as another url maybe??
I think its like autopwn?? Is it??

Share Your Thoughts

  • Hot
  • Active