DNS Rebinding

DNS rebinding is a technique that exploits DNS resolution timing to bypass the browser's same-origin policy. The attacker sets up a domain with a very short TTL (Time to Live) that initially resolves to the attacker's server, then quickly switches to resolve to an internal IP address (like 127.0.0.1 or 192.168.x.x). JavaScript loaded from the initial resolution can then make requests to the internal service as if it were the same origin.

This attack is particularly effective against internal services that rely on network-level access control ("it's only accessible from the internal network, so it doesn't need authentication"). IoT devices, development servers, internal APIs, and cloud metadata services are common targets.

Defenses include validating the Host header on internal services, implementing proper authentication regardless of network location, and using DNS pinning (though browser support varies).

How APVISO tests for this: APVISO's scanner agent tests for services vulnerable to DNS rebinding by identifying internal-facing endpoints that lack proper Host header validation and authentication. The recon agent maps internal service topology to identify high-value rebinding targets.