Singularity – A DNS Rebinding Attack Framework



  • Singularity provides a complete DNS rebinding attack delivery stack:
    • Custom DNS server to rebind DNS name and IP address mapping from the attacker web server address to the target machine address
    • HTTP server to serve HTML pages and JavaScript code to targets and to manage the attacks
    • Several sample attack payloads, ranging from grabbing the home page of a target application to performing remote code execution. These payloads can be easily adapted to perform new and custom attacks.
  • Supports concurrent users
  • Provides several DNS rebinding strategies, including sequential mapping from the attacker to the target IP address and random mapping, to minimize the impact of IDS/IPS interfering with the attack
  • A number of technical controls to maximize the reliability and speed of attacks:
    • Disabling HTTP keep alive, caching, DNS prefetching
    • Aggressive DNS response TTLs
    • Option to use DNS CNAME instead of A records to evade several DNS filtering solutions
    • Near instant rebinding for several browser and OS combinations, using multiple DNS answers and dynamic HTTP port blocking.
  • Ability to allocate HTTP servers at startup or dynamically thereafter
    • A convenience feature to avoid restarting Singularity to listen on a different HTTP port.
    • To lay the ground work to attack vulnerable ports discovered after a scan.


Leave a Reply

Your email address will not be published. Required fields are marked *