
Useful Notes and Other Loose Ends

gdncc edited this page Feb 15, 2020 · 2 revisions
  • Cross-platform compilation: go to "~/singularity/cmd/singularity-server/" and run env GOOS=linux GOARCH=amd64 go build for a Linux build, or run go build on a macOS machine for a Mac build.
  • The fetch API-based attack scripts in the "html" directories will stop after 5 attempts if there are network errors.
  • Going to chrome://net-internals/#dns in the Chrome browser is great for debugging.
  • Test dig query: dig "s-ip.ad.dr.ss-127.0.0.1-<random_number>-fs-e.dynamic.your.domain" @ip.ad.dr.ss
  • sudo ./singularity-server -HTTPServerPort 8080 -HTTPServerPort 8081 -dangerouslyAllowDynamicHTTPServers starts a server on ports 8080 and 8081 and allows one additional HTTP port to be requested dynamically via the Manager interface.
  • Testing a service for a DNS rebinding vulnerability: In an HTTP intercepting proxy such as Portswigger's Burp Suite, replay a request to localhost, replacing the Host header value (e.g. "localhost") with "attacker.com". If the request is accepted, chances are that you have found a DNS rebinding vulnerability. What you can do afterwards, i.e. the impact, depends on the vulnerable application.
  • Use the Multiple answers (fast) DNS rebinding strategy option in the advanced options of the manager interface for instant rebinding when supported by the target browser/OS combination and with the tested settings, summarized in the table above. This strategy requires Linux iptables on the attacker host.
  • The Multiple answers (fast) rebinding strategy does not support the "localhost" target value if trying to evade IPS/IDS and DNS filters.
  • Use the Singularity command-line argument -enableLinuxTProxySupport to enable Linux Transparent Proxy support. This permits Singularity to work on many HTTP ports with an appropriate Linux iptables rule, e.g. sudo iptables -t mangle -I PREROUTING -d ext_ip_address -p tcp --dport 8080 -j TPROXY --on-port=80 --on-ip=ext_ip_address will redirect external port 8080 to port 80 of Singularity if Singularity listens on port 80 only of ext_ip_address.
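
The Host header test from the "Testing a service for a DNS rebinding vulnerability" note, run against an unprotected handler and a hardened one, as an added Go example that is not part of Singularity or of the original page. The names app, requireHost, probe, plain and hardened, the allow-list contents and the 403 response are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// app stands in for a local service that never inspects the Host header (hypothetical).
func app(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "sensitive local data")
}

// requireHost serves a request only if its Host header names an allowed host.
func requireHost(allowed []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host := r.Host
		if h, _, err := net.SplitHostPort(host); err == nil {
			host = h // drop ":port" when present
		}
		for _, a := range allowed {
			if strings.EqualFold(a, strings.TrimSuffix(host, ".")) {
				next.ServeHTTP(w, r)
				return
			}
		}
		// A rebound request still carries the foreign domain in Host, so it ends here.
		http.Error(w, "invalid Host header", http.StatusForbidden)
	})
}

// probe replays one in-memory request with the given Host header and returns the status code.
func probe(h http.Handler, hostHeader string) int {
	req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1:8080/", nil)
	req.Host = hostHeader
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

var plain http.Handler = http.HandlerFunc(app)
var hardened = requireHost([]string{"localhost", "127.0.0.1"}, plain) // constructed allow-list

func main() {
	for _, host := range []string{"localhost:8080", "attacker.com"} {
		fmt.Println(host, "unprotected:", probe(plain, host), "hardened:", probe(hardened, host))
	}
}
```

The unprotected handler answers 200 for any Host value, which is the "request is accepted" result the note describes; the wrapped handler answers 403 unless the Host header matches the allow-list.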