linkedinattic / jaqen Goto Github PK

Jaqen - Simple DNS rebinding

License: BSD 2-Clause "Simplified" License

Go 82.41% HTML 4.08% JavaScript 13.51%

jaqen's Issues

Not replying to DNS queries

I'm running jaqen on VPS of mine like so:

# using fake IPs for GitHub
EXTERNAL_IP=54.173.189.125
INTERNAL_IP=172.30.0.10

# start jaqen
sudo ./jaqen \
    --base-uri mydomainna.me \
    --dns-bind "0.0.0.0:53" \
    --http-bind "$EXTERNAL_IP" \
    --http-pool "$INTERNAL_IP" \
    --http-bind-map "$INTERNAL_IP/$EXTERNAL_IP" -vvv

I've configured mydomainna.me to use a $EXTERNAL_IP as a custom nameserver and have disabled the firewall to allow traffic on port 53. When I run jaqen and request http://mydomainna.me in the browser I get the following output in the console.

INFO[0000] Found 1 eligible addresses meeting criteria: [54.173.189.125\172.30.0.10:80] 
INFO[0000] Leasing 54.173.189.125\172.30.0.10:80       
INFO[0000] Created HTTPServer bound to "54.173.189.125\172.30.0.10:80" as a result of request "00000000-0000-0000-0000-000000000000" on socket "00000000-0000-0000-0000-000000000000" 
INFO[0000] Created new DNSServer bound to "0.0.0.0:53" (tcp) 
INFO[0000] Created new DNSServer bound to "0.0.0.0:53" (udp) 
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0014] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       A      
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       AAAA   
DEBU[0015] Got DNS Request: ;webcdn.website.    IN       AAAA

However, it jaqen doesn't actually return DNS responses. A simple nslookup shows:

> mydomainna.me
Server:		127.0.1.1
Address:	127.0.1.1#53

** server can't find mydomainna.me: SERVFAIL

And monitoring DNS queries via tcpdump also shows the DNS server is failing:

$ sudo tcpdump udp port 53
23:11:28.099524 IP brannon.47992 > router.asus.com.domain: 45422+ A? mydomainna.me. (32)
23:11:28.099538 IP brannon.47992 > router.asus.com.domain: 11880+ AAAA? mydomainna.me. (32)
23:11:28.177006 IP router.asus.com.domain > brannon.47992: 45422 ServFail 0/0/0 (32)
23:11:28.281190 IP router.asus.com.domain > brannon.47992: 11880 ServFail 0/0/0 (32)
23:11:28.281539 IP brannon.47992 > router.asus.com.domain: 23679+ A? mydomainna.me. (32)
23:11:28.281583 IP brannon.47992 > router.asus.com.domain: 63510+ AAAA? mydomainna.me. (32)
23:11:28.358193 IP router.asus.com.domain > brannon.47992: 23679 ServFail 0/0/0 (32)
23:11:28.860719 IP router.asus.com.domain > brannon.47992: 63510 ServFail 0/0/0 (32)
23:11:28.861286 IP brannon.47992 > router.asus.com.domain: 29708+ A? mydomainna.me. (32)
23:11:28.861339 IP brannon.47992 > router.asus.com.domain: 42729+ AAAA? mydomainna.me. (32)
23:11:28.939490 IP router.asus.com.domain > brannon.47992: 29708 ServFail 0/0/0 (32)
23:11:28.944913 IP router.asus.com.domain > brannon.47992: 42729 ServFail 0/0/0 (32)
# ...etc

@li-lyoung, any ideas what this might be? I have a hung that I'm using the CLI args wrong but I figured you might have a better idea. Great research and DEFCON 25 talk btw 👍.

add requirements to readme

As it's currently written, jaqen requires at least go 1.7 because of this issue
https://stackoverflow.com/questions/42802278/install-context-package-in-golang#42802790

It might be a good to add this to a brief requirements section in the readme.

usage examples

Hey again! I just spent a couple of hours trying to set up jaqen to simulate an attack on servers and domains that I own, and I'm sad to report that I couldn't get it working. Steps to reproduce:

Point attacker.domain namesever to the host running jaqen
Build and run jaqen
$ sudo ./jaqen --base-uri=http://attacker.domain --dns-bind=XXX.XX.XX.XX:53 --http-bind=XXX.XX.XX.XX --http-pool=XXX.XX.XX.XX -v
Set up a virtual machine with host-only networking. Run a webserver on this virtual machine.
From the VM host machine, make a request to http://attacker.domain and cross my fingers?

Every request simply returns an html page with the word "Index", except for requests for pages in manager.go, which return either 404 or something like:

ERRO[0009] websocket: not a websocket handshake: 'upgrade' token not found in 'Connection' header
2017/08/24 16:27:41 http: multiple response.WriteHeader calls

Did I make an error with my setup?

what about adding a tunneling feature for more control and monitoring if everything is going as it should ?

Build error due to dependency API change: multiple-value uuid.NewV4() in single-value context

While building Jaqen, I got the errors:

offers.go:92: multiple-value uuid.NewV4() in single-value context
socket.go:93: multiple-value uuid.NewV4() in single-value context

This appears to be due to an API change in the dependency: https://github.com/satori/go.uuid
NewV4() now returns an additional error value, changed in commit satori/go.uuid@0ef6afb

Build works when you change those two lines to accept a second value, for example: id, _ := uuid.NewV4()

Build instructions

What are the instructions for building this tool?

I've downloaded Go 1.9 and tried:

git clone https://github.com/linkedin/jaqen
cd jaqen
go get

But I get this go path error:

o get: no install location for directory /home/brannon/Documents/code/jaqen outside GOPATH
	For more details see: 'go help gopath'

My $GOPATH is ~/go. Are there additional instructions for installing?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.