|
|
|
|
|
|
by tprynn
2059 days ago
|
|
|
With DNS rebinding, you can still only send HTTP requests* to the target. With this attack, you have a direct, raw TCP/UDP socket. (*) I'm simplifying, what I mean is that DNS rebinding still limits you to only what you can do in the browser, which is effectively HTTP. Most non-HTTP services will generally just close your socket once they see you send an HTTP request. |
|
|