Using Payloads
Payload configuration is currently defined in the `dref-config.yml` file located in the project's root directory. The default configuration file looks like this:
```yaml
general:
  domain: attacker.com
  address: 1.2.3.4
targets:
  - target: "demo"
    script: "web-discover"
```
The `targets` section of the configuration is a list of YAML "target" objects. These are the payloads that are configured to be delivered by dref.

The `target` key serves a couple of purposes internally, but it is mainly the subdomain that delivers the payload.

The `script` key is the payload script that will be delivered when a user visits the target subdomain. These are defined in `dref/scripts/src/payloads/`.
In plain English the configuration above says: when a user visits `demo.attacker.com`, deliver the `payloads/web-discover.js` script.
At this point, the Docker environment has to be restarted to reflect changes made to the `dref-config.yml` file:

```shell
$ docker-compose down
$ docker-compose up -d
```
| Key | Type | Description |
|---|---|---|
| `target` | String | Target subdomain that will deliver the initial payload. Must be a valid subdomain string. |
| `script` | String | Payload delivered by the target subdomain. Must be a JavaScript file located in `dref/scripts/src/payloads/`. |
| `args` | Object | Valid YAML sub-object containing arguments to be passed to the script. These arguments will be accessible to the script payload as globals under `window.args`. Must be a valid YAML object. |
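A config mistake only shows up after the containers are restarted, so it helps to lint `dref-config.yml` against the rules in the table first. The validator below is an added example, not part of dref; it assumes the config has already been loaded into a dict (as `yaml.safe_load` would produce) and that the caller supplies the set of payload names present in `dref/scripts/src/payloads/`. The second target in the sample is a constructed, deliberately broken entry.

```python
import re

# Constructed sample in the shape of dref-config.yml (what yaml.safe_load would return).
# "demo" / "web-discover" match the page's default; the second target is intentionally invalid.
SAMPLE_CONFIG = {
    "general": {"domain": "attacker.com", "address": "1.2.3.4"},
    "targets": [
        {"target": "demo", "script": "web-discover"},
        {"target": "Bad_Sub", "script": "missing", "args": ["not", "a", "mapping"]},
    ],
}

# One DNS hostname label: 1-63 chars, letters/digits/hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.IGNORECASE)


def validate_config(cfg: dict, available_scripts: set[str]) -> list[str]:
    """Return human-readable problems with a loaded dref-config; an empty list means it is acceptable."""
    errors: list[str] = []
    general = cfg.get("general")
    if not isinstance(general, dict):
        errors.append("general: missing or not a mapping")
    else:
        for key in ("domain", "address"):
            if not isinstance(general.get(key), str) or not general[key]:
                errors.append(f"general.{key}: missing or empty")
    targets = cfg.get("targets")
    if not isinstance(targets, list) or not targets:
        errors.append("targets: must be a non-empty list")
        return errors
    seen: set[str] = set()
    for i, t in enumerate(targets):
        where = f"targets[{i}]"
        if not isinstance(t, dict):
            errors.append(f"{where}: not a mapping")
            continue
        sub = t.get("target")
        if not isinstance(sub, str) or not LABEL_RE.match(sub):
            errors.append(f"{where}.target: {sub!r} is not a valid subdomain label")
        elif sub in seen:  # two targets on one subdomain would shadow each other
            errors.append(f"{where}.target: duplicate subdomain {sub!r}")
        else:
            seen.add(sub)
        script = t.get("script")
        if script not in available_scripts:
            errors.append(f"{where}.script: {script!r} not found in dref/scripts/src/payloads/")
        if "args" in t and not isinstance(t["args"], dict):
            errors.append(f"{where}.args: must be a YAML mapping (becomes window.args)")
    return errors
```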
By default dref allows you to DNS rebind on the following standard web ports: 80, 8000, 8080, 8888. This is controlled by the docker-compose port mapping in `docker-compose.yml`.

To support DNS rebinding on an additional port, simply add a mapping from that port on the host to port 80 in the `api` container by editing `docker-compose.yml`. For example, to support DNS rebinding on port 4000, the configuration would look like:
```yaml
api:
  image: node:9.11.1-alpine
  networks:
    - dref
  ports:
    - 0.0.0.0:4000:80
```