Showing Posts From

• Alex Kaskasoli
• 23 Aug 2018

DNS Rebinding Headless Browsers

A DNS rebinding attack technique targeting headless browsers running on AWS was demonstrated. The attack can exploit the AWS metadata endpoint by manipulating DNS and causing browsers to hang, potentially allowing exfiltration of sensitive AWS credentials. The method bypasses same-origin policy restrictions by dynamically changing domain IP addresses during browser interactions.