DNS rebinding vs authorization/authentication

[laurian19]

Hi!

I have looked into the SOO tool for some weeks as I am trying to perform a security analysis for some specific services. As far as I understand, DNS rebinding is more difficult to take advantage of if authentication/authorization is required by the service which runs on localhost on a specific port, right? Is this also the case when employing the attack Hook and Control?

More exactly, some of the services I am analyzing right now require a specific API key to send requests to their API endpoints or even username/password authentication to access their GUI hosted on http://localhost:{port}. This would make it difficult to actually send those requests without having knowledge of the login credentials or corresponding API key, right?

Thank you in advance!

[gdncc]

DNS rebinding gives you connectivity to a service, which would not normally be accessible in certain scenarios if it were not vulnerable to DNS rebinding. Adequate authentication and authorization controls would prevent attackers from accessing information protected by these controls. This is indeed the case when using Hook and Control.