GitBook: [#3149] No subject

This commit is contained in:
CPol 2022-04-29 15:51:30 +00:00 committed by gitbook-bot
parent 575358df8c
commit 564bfc6926
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 13 additions and 7 deletions


@ -308,10 +308,16 @@ You can **bypass CORS checks** such as `e.origin === window.origin` by **creatin
![](<../.gitbook/assets/image (108).png>)
Basically you make the **victim access your page**, then you change the **DNS of your domain (the IP)** and make it **points** to your **victims web page**. You make your **victim execute** (**JS**) something when the **TLS is** **over** so a new DNS request will be made and then you will be able to gather the information (as you will always mantains **the user in your domain**, he won't send **any cookie** to the victim server, so this options abuses the speciall privileges of the IP of the victim).
Basically you make the **victim access your page**, then you change the **DNS of your domain (the IP)** and make it **points** to your **victims web page**. You make your **victim execute** (**JS**) something when the **TLS is** **over** so a new DNS request will be made and then you will be able to gather the information (as you will always maintains **the user in your domain**, he won't send **any cookie** to the victim server, so this options abuses the special privileges of the IP of the victim).
Also, I don't know why this attack plays with the TLS of the DNS instead of just having a subdomain always pointing to the victims IP.
#### Automated DNS Rebidding
[**`Singularity of Origin`**](https://github.com/nccgroup/singularity) is a tool to perform [DNS rebinding](https://en.wikipedia.org/wiki/DNS\_rebinding) attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine.
Check out also the **publicly running server in** [**http://rebind.it/singularity.html**](http://rebind.it/singularity.html)****
## **Tools**
**Fuzz possible misconfigurations in CORS policies**
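Review bot: the added heading `#### Automated DNS Rebidding` misspells the technique; it should be `#### Automated DNS Rebinding`, matching the "DNS rebinding" wording in the paragraph directly under it. The added line linking rebind.it also ends with a stray `****` (an empty bold span) that GitBook will render as literal asterisks; drop it. While the replacement line above is already being touched for spelling, "when the **TLS is** **over** so a new DNS request will be made" should read "TTL": it is the DNS record's time-to-live expiring that causes the browser to resolve the name again, not anything to do with TLS.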


@ -197,6 +197,12 @@ If you are having **problems** to **exfiltrate content from a local IP** because
[cors-bypass.md](../cors-bypass.md)
{% endcontent-ref %}
#### Automated DNS Rebidding
[**`Singularity of Origin`**](https://github.com/nccgroup/singularity) is a tool to perform [DNS rebinding](https://en.wikipedia.org/wiki/DNS\_rebinding) attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine.
Check out also the **publicly running server in** [**http://rebind.it/singularity.html**](http://rebind.it/singularity.html)****
### DNS Rebidding + TLS Session ID/Session ticket
Requirements:
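Review bot: the same "Rebidding" typo is carried into this file in the added `#### Automated DNS Rebidding` heading, and the existing `### DNS Rebidding + TLS Session ID/Session ticket` heading right below it has it too; since the hunk touches this spot, correct both to "Rebinding". The added rebind.it line again ends with `****`, which the copy removed further down in this commit did not have, so drop the suffix here as well. Also note that a level-4 heading inserted immediately before a `###` heading attaches the Singularity subsection to whatever `###` section precedes the `cors-bypass.md` content-ref, not to the TLS session-ticket section it was under before; confirm that nesting is intended.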
@ -218,12 +224,6 @@ Note that during this attack, if you want to attack localhost:11211 (_memcache_)
To **perform this attack you can use the tool**: [https://github.com/jmdx/TLS-poison/](https://github.com/jmdx/TLS-poison/)\
For **more information** take a look to the talk where this attack is explained: [https://www.youtube.com/watch?v=qGpAJxfADjo\&ab\_channel=DEFCONConference](https://www.youtube.com/watch?v=qGpAJxfADjo\&ab\_channel=DEFCONConference)
#### Automated DNS Rebidding
[**`Singularity of Origin`**](https://github.com/nccgroup/singularity) is a tool to perform [DNS rebinding](https://en.wikipedia.org/wiki/DNS\_rebinding) attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine.
Check out also the publicly running server in [http://rebind.it/singularity.html](http://rebind.it/singularity.html)
### Blind SSRF
The difference between a blind SSRF and a not blind one is that in the blind you cannot see the response of the SSRF request. Then, it is more difficult to exploit because you will be able to exploit only well-known vulnerabilities.
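Review bot: the block removed here is the clean version of the Singularity paragraph (no `****` after the rebind.it link), so the relocation should copy these lines rather than the bold-wrapped variant added earlier in the commit. The removed heading also carried the "Rebidding" typo; fixing it at the new location avoids moving the mistake along with the text.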