How to install SSL certificate?
Closed this issue · 7 comments
Is Singularity supports sending the traffic via SSL encryption? In that case. How to install the Letsencrypt certificate and enable https?
Or any other alternative
What data are you trying to encrypt? The data to exfiltrate from a vulnerable service?
Vulnerable service is allowing only HTTPS URL, and the DNS rebinding URLs does n't work with HTTPS. Not trying to exfiltrate but just trying to use the DNS server.
Vulnerable service is allowing only HTTPS URL, and the DNS rebinding URLs does n't work with HTTPS. Not trying to exfiltrate but just trying to use the DNS server.
A service protected by TLS cannot be exploited using DNS rebinding assuming the TLS stack is solid.
I am trying to put this as input HTTPS://s-1.2.3.4-0.0.0.0-474794-fs-e.d.rebind.it and provide it. It takes input as an HTTPS URL only.
But as SSL is not supported, it never loads my page.
But it gives security certificate error.
I am trying to put this as input HTTPS://s-1.2.3.4-0.0.0.0-474794-fs-e.d.rebind.it and provide it
This won't work, even if TLS is enabled. TLS is one of several methods to protect from DNS rebinding attacks. See https://docs.google.com/presentation/d/1O7MxvbIfRcPSlbyZbFxD-fAR34XlquQSlRAHPb2kR4E/edit#slide=id.g5c05a104a7_0_161
I am not able to use HTTPS on the singularity DNS server, so it never provides an A or CNAME record.
I am just trying to get HTTPS working as HTTPS://s-1.2.3.4-0.0.0.0-474794-fs-e.d.rebind.it
@tester0-commits - You cannot rebind from https:// to http:// URLs. Feel free to validate yourself using a tool such as socat in front of Singularity as a TLS reverse proxy to test rebinding from https:// to http:// URLs. Note that using https://s-1.2.3.4-0.0.0.0-474794-fs-e.d.rebind.it does make the browser emit a DNS query and obtain a DNS response from Singularity, prior to connecting to the HTTPS service.