hacktricks/pentesting-web/domain-subdomain-takeover.md

# Domain/Subdomain takeover

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>

\
Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=domain-subdomain-takeover) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:

{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=domain-subdomain-takeover" %}

## Domain takeover

Ikiwa unagundua jina la kikoa (domain.tld) ambalo **linatumika na huduma fulani ndani ya upeo** lakini **kampuni** ime **poteza** **umiliki** wake, unaweza kujaribu **kujiandikisha** (ikiwa ni ya bei nafuu) na kuwajulisha kampuni hiyo. Ikiwa jina hili la kikoa linapokea **habari nyeti** kama vile cookie ya kikao kupitia **GET** parameter au katika kichwa cha **Referer**, hii ni hakika **udhaifu**.

### Subdomain takeover

Subdomain ya kampuni inashikilia **huduma ya mtu wa tatu yenye jina ambalo halijajiandikisha**. Ikiwa unaweza **kuunda** **akaunti** katika **huduma hii ya mtu wa tatu** na **kujiandikisha** jina linalotumika, unaweza kufanya subdomain takeover.

Kuna zana kadhaa zenye kamusi za kuangalia uwezekano wa takeover:

* [https://github.com/EdOverflow/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)
* [https://github.com/blacklanternsecurity/bbot](https://github.com/blacklanternsecurity/bbot)
* [https://github.com/punk-security/dnsReaper](https://github.com/punk-security/dnsReaper)
* [https://github.com/haccer/subjack](https://github.com/haccer/subjack)
* [https://github.com/anshumanbh/tko-sub](https://github.com/anshumanbh/tko-subs)
* [https://github.com/ArifulProtik/sub-domain-takeover](https://github.com/ArifulProtik/sub-domain-takeover)
* [https://github.com/SaadAhmedx/Subdomain-Takeover](https://github.com/SaadAhmedx/Subdomain-Takeover)
* [https://github.com/Ice3man543/SubOver](https://github.com/Ice3man543/SubOver)
* [https://github.com/m4ll0k/takeover](https://github.com/m4ll0k/takeover)
* [https://github.com/antichown/subdomain-takeover](https://github.com/antichown/subdomain-takeover)
* [https://github.com/musana/mx-takeover](https://github.com/musana/mx-takeover)
* [https://github.com/PentestPad/subzy](https://github.com/PentestPad/subzy)
* [https://github.com/Stratus-Security/Subdominator](https://github.com/Stratus-Security/Subdominator)
* [https://github.com/NImaism/takeit](https://github.com/NImaism/takeit)

### Subdomain Takeover Generation via DNS Wildcard

Wakati wildcard ya DNS inatumika katika kikoa, subdomain yoyote inayohitajika ya kikoa hicho ambayo haina anwani tofauti wazi itakuwa **imeelekezwa kwa habari sawa**. Hii inaweza kuwa anwani ya A, CNAME...

Kwa mfano, ikiwa `*.testing.com` imewekwa kama wildcard kwa `1.1.1.1`. Kisha, `not-existent.testing.com` itakuwa ikielekezwa kwa `1.1.1.1`.

Hata hivyo, ikiwa badala ya kuelekeza kwa anwani ya IP, msimamizi wa mfumo anaielekeza kwa **huduma ya mtu wa tatu kupitia CNAME**, kama subdomain ya G**ithub kwa mfano** (`sohomdatta1.github.io`). Mshambuliaji anaweza **kuunda ukurasa wake wa mtu wa tatu** (katika Gihub katika kesi hii) na kusema kwamba `something.testing.com` inashikilia hapo. Kwa sababu, **CNAME wildcard** itakubali mshambuliaji atakuwa na uwezo wa **kuunda subdomains zisizo na mipaka kwa kikoa cha mwathirika zikielekezwa kwa kurasa zake**.

Unaweza kupata mfano wa udhaifu huu katika andiko la CTF: [https://ctf.zeyu2001.com/2022/nitectf-2022/undocumented-js-api](https://ctf.zeyu2001.com/2022/nitectf-2022/undocumented-js-api)

## Exploiting a subdomain takeover

Subdomain takeover ni kimsingi DNS spoofing kwa kikoa maalum kwenye mtandao, ikiruhusu washambuliaji kuweka rekodi za A kwa kikoa, na kupeleka vivinjari kuonyesha maudhui kutoka kwa seva ya mshambuliaji. Hii **uwazi** katika vivinjari inafanya kikoa kuwa hatarini kwa phishing. Washambuliaji wanaweza kutumia [_typosquatting_](https://en.wikipedia.org/wiki/Typosquatting) au [_Doppelganger domains_](https://en.wikipedia.org/wiki/Doppelg%C3%A4nger) kwa kusudi hili. Kikoa ambacho URL katika barua pepe ya phishing inaonekana halali, kinakuwa hatarini, kikidanganya watumiaji na kukwepa vichujio vya spam kutokana na kuaminika kwa kikoa.

Angalia [post hii kwa maelezo zaidi](https://0xpatrik.com/subdomain-takeover/)

### **SSL Certificates**

Vyeti vya SSL, ikiwa vimeundwa na washambuliaji kupitia huduma kama [_Let's Encrypt_](https://letsencrypt.org/), vinaongeza uhalali wa hizi domain bandia, na kufanya mashambulizi ya phishing kuwa ya kuaminika zaidi.

### **Cookie Security and Browser Transparency**

Uwazi wa kivinjari pia unahusisha usalama wa cookie, unaodhibitiwa na sera kama [Same-origin policy](https://en.wikipedia.org/wiki/Same-origin\_policy). Cookies, mara nyingi hutumiwa kusimamia vikao na kuhifadhi alama za kuingia, zinaweza kutumiwa vibaya kupitia subdomain takeover. Washambuliaji wanaweza **kusanya session cookies** kwa urahisi kwa kuongoza watumiaji kwenye subdomain iliyovunjwa, wakihatarisha data na faragha ya mtumiaji.

### **Emails and Subdomain Takeover**

Nafasi nyingine ya subdomain takeover inahusisha huduma za barua pepe. Washambuliaji wanaweza kubadilisha **MX records** ili kupokea au kutuma barua pepe kutoka subdomain halali, wakiongeza ufanisi wa mashambulizi ya phishing.

### **Higher Order Risks**

Hatari zaidi ni pamoja na **NS record takeover**. Ikiwa mshambuliaji anapata udhibiti wa rekodi moja ya NS ya kikoa, wanaweza kwa urahisi kuelekeza sehemu ya trafiki kwa seva chini ya udhibiti wao. Hatari hii inazidi kuwa kubwa ikiwa mshambuliaji ataweka **TTL (Time to Live)** ya juu kwa rekodi za DNS, kuongezea muda wa shambulizi.

### CNAME Record Vulnerability

Washambuliaji wanaweza kutumia rekodi za CNAME zisizodaiwa zinazoshikilia huduma za nje ambazo hazitumiki tena au zimeondolewa. Hii inawaruhusu kuunda ukurasa chini ya kikoa kinachoweza kuaminika, ikisaidia zaidi katika phishing au usambazaji wa malware.

### **Mitigation Strategies**

Mikakati ya kupunguza hatari inajumuisha:

1. **Kuondoa rekodi za DNS zenye udhaifu** - Hii ni bora ikiwa subdomain haitahitajika tena.
2. **Kudai jina la kikoa** - Kujiandikisha rasilimali hiyo na mtoa huduma husika wa wingu au kununua tena kikoa kilichokwisha.
3. **Kufanya ufuatiliaji wa mara kwa mara kwa udhaifu** - Zana kama [aquatone](https://github.com/michenriksen/aquatone) zinaweza kusaidia kubaini viwango vya hatari. Mashirika yanapaswa pia kupitia mchakato wao wa usimamizi wa miundombinu, kuhakikisha kwamba uundaji wa rekodi za DNS ni hatua ya mwisho katika uundaji wa rasilimali na hatua ya kwanza katika uharibifu wa rasilimali.

Kwa watoa huduma wa wingu, kuthibitisha umiliki wa kikoa ni muhimu ili kuzuia subdomain takeovers. Wengine, kama [GitLab](https://about.gitlab.com/2018/02/05/gitlab-pages-custom-domain-validation/), wameelewa tatizo hili na kutekeleza mitambo ya uthibitishaji wa kikoa.

## References

* [https://0xpatrik.com/subdomain-takeover/](https://0xpatrik.com/subdomain-takeover/)
* [https://www.stratussecurity.com/post/subdomain-takeover-guide](https://www.stratussecurity.com/post/subdomain-takeover-guide)

<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>

\
Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=domain-subdomain-takeover) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:

{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=domain-subdomain-takeover" %}

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`# Domain/Subdomain takeover`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% hint style="success" %}`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<summary>Support HackTricks</summary>`
arte 2023-12-31 01:25:17 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:47:30 +00:00			`<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
update 2023-01-01 16:19:07 +00:00			`\`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Use [Trickest](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=domain-subdomain-takeover) to easily build and automate workflows powered by the world's most advanced community tools.\`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Get Access Today:`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:21:47 +00:00			`{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=domain-subdomain-takeover" %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`## Domain takeover`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Ikiwa unagundua jina la kikoa (domain.tld) ambalo linatumika na huduma fulani ndani ya upeo lakini kampuni ime poteza umiliki wake, unaweza kujaribu kujiandikisha (ikiwa ni ya bei nafuu) na kuwajulisha kampuni hiyo. Ikiwa jina hili la kikoa linapokea habari nyeti kama vile cookie ya kikao kupitia GET parameter au katika kichwa cha Referer, hii ni hakika udhaifu.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Subdomain takeover`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Subdomain ya kampuni inashikilia huduma ya mtu wa tatu yenye jina ambalo halijajiandikisha. Ikiwa unaweza kuunda akaunti katika huduma hii ya mtu wa tatu na kujiandikisha jina linalotumika, unaweza kufanya subdomain takeover.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`Kuna zana kadhaa zenye kamusi za kuangalia uwezekano wa takeover:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`* [https://github.com/EdOverflow/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)`
BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00			`* [https://github.com/blacklanternsecurity/bbot](https://github.com/blacklanternsecurity/bbot)`
GitBook: [#3361] No subject 2022-08-12 14:25:49 +00:00			`* [https://github.com/punk-security/dnsReaper](https://github.com/punk-security/dnsReaper)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`* [https://github.com/haccer/subjack](https://github.com/haccer/subjack)`
			`* [https://github.com/anshumanbh/tko-sub](https://github.com/anshumanbh/tko-subs)`
			`* [https://github.com/ArifulProtik/sub-domain-takeover](https://github.com/ArifulProtik/sub-domain-takeover)`
			`* [https://github.com/SaadAhmedx/Subdomain-Takeover](https://github.com/SaadAhmedx/Subdomain-Takeover)`
			`* [https://github.com/Ice3man543/SubOver](https://github.com/Ice3man543/SubOver)`
			`* [https://github.com/m4ll0k/takeover](https://github.com/m4ll0k/takeover)`
			`* [https://github.com/antichown/subdomain-takeover](https://github.com/antichown/subdomain-takeover)`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00			`* [https://github.com/musana/mx-takeover](https://github.com/musana/mx-takeover)`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-02-15 12:02:03 +00:00			`* [https://github.com/PentestPad/subzy](https://github.com/PentestPad/subzy)`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`* [https://github.com/Stratus-Security/Subdominator](https://github.com/Stratus-Security/Subdominator)`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`* [https://github.com/NImaism/takeit](https://github.com/NImaism/takeit)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Subdomain Takeover Generation via DNS Wildcard`
BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`Wakati wildcard ya DNS inatumika katika kikoa, subdomain yoyote inayohitajika ya kikoa hicho ambayo haina anwani tofauti wazi itakuwa imeelekezwa kwa habari sawa. Hii inaweza kuwa anwani ya A, CNAME...`
GitBook: [#3724] No subject 2023-01-02 14:30:12 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			Kwa mfano, ikiwa `*.testing.com` imewekwa kama wildcard kwa `1.1.1.1`. Kisha, `not-existent.testing.com` itakuwa ikielekezwa kwa `1.1.1.1`.
GitBook: [#3724] No subject 2023-01-02 14:30:12 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			Hata hivyo, ikiwa badala ya kuelekeza kwa anwani ya IP, msimamizi wa mfumo anaielekeza kwa huduma ya mtu wa tatu kupitia CNAME, kama subdomain ya Github kwa mfano (`sohomdatta1.github.io`). Mshambuliaji anaweza kuunda ukurasa wake wa mtu wa tatu (katika Gihub katika kesi hii) na kusema kwamba `something.testing.com` inashikilia hapo. Kwa sababu, CNAME wildcard itakubali mshambuliaji atakuwa na uwezo wa kuunda subdomains zisizo na mipaka kwa kikoa cha mwathirika zikielekezwa kwa kurasa zake.
GitBook: [#3724] No subject 2023-01-02 14:30:12 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`Unaweza kupata mfano wa udhaifu huu katika andiko la CTF: [https://ctf.zeyu2001.com/2022/nitectf-2022/undocumented-js-api](https://ctf.zeyu2001.com/2022/nitectf-2022/undocumented-js-api)`
GitBook: [#3724] No subject 2023-01-02 14:30:12 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`## Exploiting a subdomain takeover`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			Subdomain takeover ni kimsingi DNS spoofing kwa kikoa maalum kwenye mtandao, ikiruhusu washambuliaji kuweka rekodi za A kwa kikoa, na kupeleka vivinjari kuonyesha maudhui kutoka kwa seva ya mshambuliaji. Hii uwazi katika vivinjari inafanya kikoa kuwa hatarini kwa phishing. Washambuliaji wanaweza kutumia [_typosquatting_](https://en.wikipedia.org/wiki/Typosquatting) au [_Doppelganger domains_](https://en.wikipedia.org/wiki/Doppelg%C3%A4nger) kwa kusudi hili. Kikoa ambacho URL katika barua pepe ya phishing inaonekana halali, kinakuwa hatarini, kikidanganya watumiaji na kukwepa vichujio vya spam kutokana na kuaminika kwa kikoa.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Angalia [post hii kwa maelezo zaidi](https://0xpatrik.com/subdomain-takeover/)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### SSL Certificates`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Vyeti vya SSL, ikiwa vimeundwa na washambuliaji kupitia huduma kama [_Let's Encrypt_](https://letsencrypt.org/), vinaongeza uhalali wa hizi domain bandia, na kufanya mashambulizi ya phishing kuwa ya kuaminika zaidi.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Cookie Security and Browser Transparency`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`Uwazi wa kivinjari pia unahusisha usalama wa cookie, unaodhibitiwa na sera kama [Same-origin policy](https://en.wikipedia.org/wiki/Same-origin\_policy). Cookies, mara nyingi hutumiwa kusimamia vikao na kuhifadhi alama za kuingia, zinaweza kutumiwa vibaya kupitia subdomain takeover. Washambuliaji wanaweza kusanya session cookies kwa urahisi kwa kuongoza watumiaji kwenye subdomain iliyovunjwa, wakihatarisha data na faragha ya mtumiaji.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Emails and Subdomain Takeover`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Nafasi nyingine ya subdomain takeover inahusisha huduma za barua pepe. Washambuliaji wanaweza kubadilisha MX records ili kupokea au kutuma barua pepe kutoka subdomain halali, wakiongeza ufanisi wa mashambulizi ya phishing.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Higher Order Risks`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`Hatari zaidi ni pamoja na NS record takeover. Ikiwa mshambuliaji anapata udhibiti wa rekodi moja ya NS ya kikoa, wanaweza kwa urahisi kuelekeza sehemu ya trafiki kwa seva chini ya udhibiti wao. Hatari hii inazidi kuwa kubwa ikiwa mshambuliaji ataweka TTL (Time to Live) ya juu kwa rekodi za DNS, kuongezea muda wa shambulizi.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### CNAME Record Vulnerability`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`Washambuliaji wanaweza kutumia rekodi za CNAME zisizodaiwa zinazoshikilia huduma za nje ambazo hazitumiki tena au zimeondolewa. Hii inawaruhusu kuunda ukurasa chini ya kikoa kinachoweza kuaminika, ikisaidia zaidi katika phishing au usambazaji wa malware.`
a 2024-02-05 20:00:40 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`### Mitigation Strategies`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`Mikakati ya kupunguza hatari inajumuisha:`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`1. Kuondoa rekodi za DNS zenye udhaifu - Hii ni bora ikiwa subdomain haitahitajika tena.`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`2. Kudai jina la kikoa - Kujiandikisha rasilimali hiyo na mtoa huduma husika wa wingu au kununua tena kikoa kilichokwisha.`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`3. Kufanya ufuatiliaji wa mara kwa mara kwa udhaifu - Zana kama [aquatone](https://github.com/michenriksen/aquatone) zinaweza kusaidia kubaini viwango vya hatari. Mashirika yanapaswa pia kupitia mchakato wao wa usimamizi wa miundombinu, kuhakikisha kwamba uundaji wa rekodi za DNS ni hatua ya mwisho katika uundaji wa rasilimali na hatua ya kwanza katika uharibifu wa rasilimali.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-26 09:48:10 +00:00			`Kwa watoa huduma wa wingu, kuthibitisha umiliki wa kikoa ni muhimu ili kuzuia subdomain takeovers. Wengine, kama [GitLab](https://about.gitlab.com/2018/02/05/gitlab-pages-custom-domain-validation/), wameelewa tatizo hili na kutekeleza mitambo ya uthibitishaji wa kikoa.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`## References`
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00
a 2024-02-04 16:10:29 +00:00			`* [https://0xpatrik.com/subdomain-takeover/](https://0xpatrik.com/subdomain-takeover/)`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`* [https://www.stratussecurity.com/post/subdomain-takeover-guide](https://www.stratussecurity.com/post/subdomain-takeover-guide)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:47:30 +00:00			`<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
update 2023-01-01 16:19:07 +00:00			`\`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Use [Trickest](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=domain-subdomain-takeover) to easily build and automate workflows powered by the world's most advanced community tools.\`
			`Get Access Today:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:21:47 +00:00			`{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=domain-subdomain-takeover" %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% hint style="success" %}`
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`Learn & practice AWS Hacking:<img src="../.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="../.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="../.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`<summary>Support HackTricks</summary>`
arte 2023-12-31 01:25:17 +00:00
Translated ['pentesting-web/domain-subdomain-takeover.md'] to sw 2024-08-21 09:12:48 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:10:31 +00:00			`{% endhint %}`