Description
Singularity of Origin is a tool for performing DNS rebinding attacks. It includes a DNS server, HTTP server, and attack payloads. DNS rebinding can be used to bypass SSRF protections, access internal services, and exfiltrate data from behind firewalls.
Installation
BASH
go install github.com/nccgroup/singularity/cmd/singularity-server@latest
# Or from source
git clone https://github.com/nccgroup/singularity.git
cd singularity/cmd/singularity-server
go build
Basic Usage
BASH
# Start the DNS rebinding server
./singularity-server --HTTPServerPort 8080 --DNSRebindingPort 53
# Access the attack interface
# Open http://your-server:8080 in browser
Advanced Usage
BASH
# Custom rebinding target
./singularity-server --RebindingFn singularity-a-[target-ip]-fs \
--HTTPServerPort 8080 --DNSRebindingPort 53
# Target internal service
# Configure DNS to resolve to attacker IP first, then to 127.0.0.1
# The browser will make a request that the server processes internally
How DNS Rebinding Works
TEXT
1. Victim visits attacker.com (resolves to attacker IP)
2. JavaScript on attacker page makes requests to attacker.com
3. DNS TTL expires, attacker changes DNS to point to internal IP (127.0.0.1)
4. Browser requests now hit internal services (same-origin policy satisfied)
5. Attacker's JavaScript can read responses from internal services
Common Workflows
BASH
# Bypass SSRF IP filters via DNS rebinding
# If target blocks 127.0.0.1 but allows DNS resolution:
# 1. Set up Singularity pointing to 127.0.0.1
# 2. Submit DNS rebinding domain as URL parameter
# 3. First resolution passes filter, second hits localhost
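Mitigation for the SSRF workflow above, as an added example (not part of the original page or of the Singularity project): a Go HTTP client that checks the destination IP at connect time, after DNS resolution, so a hostname that resolved to a public address during filtering cannot be rebound to 127.0.0.1 for the actual request. The names checkDialAddr and newSafeClient are hypothetical, and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// checkDialAddr (hypothetical helper) receives the literal IP:port the socket
// is about to connect to, i.e. the result of the final DNS lookup, so the
// decision is made on the address actually used, not on an earlier answer.
func checkDialAddr(address string) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("refusing non-IP dial address %q: %w", address, err)
	}
	ip := ap.Addr().Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified() {
		return fmt.Errorf("refusing connection to internal address %s", ip)
	}
	return nil
}

// newSafeClient (hypothetical helper) returns an HTTP client whose every new
// connection, including those made for redirects, passes through checkDialAddr.
func newSafeClient() *http.Client {
	d := &net.Dialer{
		Timeout: 5 * time.Second,
		Control: func(network, address string, _ syscall.RawConn) error {
			return checkDialAddr(address)
		},
	}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext},
	}
}

func main() {
	// Constructed sample addresses, in the form the dialer passes them.
	for _, a := range []string{"127.0.0.1:80", "[::ffff:10.0.0.5]:8080",
		"169.254.169.254:80", "93.184.216.34:443"} {
		fmt.Printf("%-26s -> %v\n", a, checkDialAddr(a))
	}
}
```

Use the client from newSafeClient for all server-side fetches of user-supplied URLs. If the transport is configured with a proxy, the check applies to the proxy's address rather than the final destination.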