bitter_domain 0.1.1 → 0.1.4
- checksums.yaml +4 -4
- data/.ruby-version +1 -0
- data/Gemfile.lock +2 -2
- data/README.md +65 -8
- data/bin/bitter_domain +4 -3
- data/bitter_domain.gemspec +2 -2
- data/lib/bitter_domain/domain_mapper.rb +1 -0
- data/lib/bitter_domain/version.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cc2adbd9a0bfbfec7dc35356bcdb15075c0e71bf41568d75293f501188ea7b9a
|
4
|
+
data.tar.gz: 626641a0677c6938b18ade6a259804b52f3a217b685655d76f5df96f7939ed69
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 73547ec3b82f3a6cfa6957694638b5eaa93025421a3e408b15b21179b109ed963072c9c6b1677e04aa7f3edd26282585ecc17303036d41c94ffc4ee5ad97a397
|
7
|
+
data.tar.gz: cbca5b7ee24407c704a974c98877e7256e89ca6186a207a1812816c6be779e1ab289b46ebfd9c28c1763c60bf43d0a0a12b8220a24dfd348ff6734a17d9a9746
|
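Review bot: the `-` lines in this hunk carry empty digest values, so the rendered view does not show what the 0.1.1 checksums were and cannot be used to confirm the change; anyone auditing the upgrade should compare the new `data.tar.gz` SHA256 `626641a0...` against the digest RubyGems serves for 0.1.4 rather than rely on this page. Also keep in mind that checksums.yaml travels inside the .gem, so it only proves the archive is internally consistent, not who built it.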
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
2.6.3
|
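Review bot: `.ruby-version` is a version-manager hint for contributors, not a runtime constraint; if 2.6.3 is really the minimum the code needs, express that as `spec.required_ruby_version` in the gemspec so `gem install` enforces it, and keep this file out of the packaged file list (it is added to `files:` in the metadata hunk further down).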
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
bitter_domain (0.1.
|
4
|
+
bitter_domain (0.1.2)
|
5
5
|
colorize
|
6
6
|
public_suffix
|
7
7
|
whois (~> 4.0.8)
|
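Review bot: the lock still records `bitter_domain (0.1.2)` while the metadata in this same release bumps `version:` to 0.1.4, so Gemfile.lock was not regenerated after the version bump. Bundler will rewrite it on the next `bundle install`, but a lockfile that disagrees with version.rb in a tagged release suggests the release was not built from a clean checkout; run `bundle install` before `gem build` and commit the result.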
@@ -52,7 +52,7 @@ GEM
|
|
52
52
|
pry (0.12.2)
|
53
53
|
coderay (~> 1.1.0)
|
54
54
|
method_source (~> 0.9.0)
|
55
|
-
public_suffix (
|
55
|
+
public_suffix (4.0.0)
|
56
56
|
rake (10.5.0)
|
57
57
|
rb-fsevent (0.10.3)
|
58
58
|
rb-inotify (0.10.0)
|
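Review bot: `public_suffix` resolves to 4.0.0 here, but the PATH block above lists it with no version constraint while `whois` gets `~> 4.0.8`. An unconstrained dependency lets a future major release of public_suffix install against this gem's unchanged code; add a pessimistic constraint in the gemspec, e.g. `spec.add_dependency "public_suffix", "~> 4.0"`, to match how whois is handled.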
data/README.md
CHANGED
@@ -1,8 +1,23 @@
|
|
1
1
|
# BitterDomain
|
2
|
+
A Ruby gem for generating domains 1 bit away from a source domain and checking the availability of the generated domains.
|
2
3
|
|
3
|
-
|
4
|
+
### DISCLAIMER
|
5
|
+
This project is for *research purposes only*. So don't use it for malicious nonsense or send nasty stuff in response to legitimate HTTP requests. If you want to actually register one of these generated domains and set up a server to listen for requests, sending a `404` to all incoming requests if probably a good idea.
|
4
6
|
|
5
|
-
|
7
|
+
### Description
|
8
|
+
A Ruby gem for generating domains 1 bit away from a source domain and checking the availability of the generated domains.
|
9
|
+
This project was inspired from a series of Defcon presentations on `bit squatting`.
|
10
|
+
|
11
|
+
[The original video](https://www.youtube.com/watch?v=aT7mnSstKGs)
|
12
|
+
[A second presentation further exploring the vulnerability](https://www.youtube.com/watch?v=IhwE1S4x36s)
|
13
|
+
|
14
|
+
`Bit squatting` is a close cousin to `typo squatting`, viz., a user makes a typo when entering a common url in a browser address bar and unintentionally makes a request to a domain including the typo that a malicious user has registered. Rather than typos, bit squatting leverages common hardware errors (bit errors) that yield domains that are _1 bit off from the source domain_, e.g., `instagram.com` -> `instagbam.com`. According to the videos above, these errors generate a very high number of potential requests sent to domains with the aforementioned pathological structure.
|
15
|
+
|
16
|
+
To exploit this vulnerability, an attacker may generate a list of domains 1 bit off from common domains, then register the "bit-flipped" domains, and finally spin up a web server to send responses to these requests from users who intended to make a request to the common source domain but have been routed to the "bit squatted" domain.
|
17
|
+
|
18
|
+
`BitterDomain` is a gem for generating bit-flipped domains. It does not include a server or other logging utilities. I wrote a small go server for tracking incoming HTTP requests and headers. After registering around 5 domains for flipped versions of facebook's cdn and instagram api domains, I received 3-4 _highly probable_ requests that were intended to be sent to facebook. A high amount of garbage also came in, but that's sufficient evidence for me to conclude that the vulnerability is still exploitable, at least with a minimal amount of set up.
|
19
|
+
|
20
|
+
`whois` and `whois-parser` are used for checking the DNS availability of the generated domains.
|
6
21
|
|
7
22
|
## Installation
|
8
23
|
|
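Review bot: the one-line description "A Ruby gem for generating domains 1 bit away from a source domain..." is added twice, once under the title and again under `### Description`; keep one. Two wording fixes while you are there: `if probably a good idea` should read `is probably a good idea`, and `inspired from` should be `inspired by`. Lastly, `whois` reports registration status at the registry, not "DNS availability"; an unregistered name and a registered-but-unresolving name are different things, and the sentence should say which one the tool reports.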
@@ -22,17 +37,59 @@ Or install it yourself as:
|
|
22
37
|
|
23
38
|
## Usage
|
24
39
|
|
25
|
-
|
40
|
+
#### CLI
|
41
|
+
|
42
|
+
`BitterDomain` comes with an executable:
|
43
|
+
|
44
|
+
```bash
|
45
|
+
$ bitter_domain --url <source domain>
|
46
|
+
```
|
47
|
+
|
48
|
+
where `source domain` could be something like `google.com` or `apopulardomain.net`. Notice that subdomains or protocols are unnecessary, since all that is required is the domain name and extension.
|
49
|
+
|
50
|
+
The default command prints out a list of available domains that are 1 bit removed from the source url.
|
51
|
+
|
52
|
+
*This may take a few minutes*. All of the calls to `whois` servers can take some time.
|
53
|
+
|
54
|
+
The CLI accepts flags for verbose output or the flips only without checking their availability.
|
55
|
+
|
56
|
+
```
|
57
|
+
Usage:
|
58
|
+
bitter_domain get a list of bit flipped domains -u, --url=URL
|
59
|
+
|
60
|
+
Options:
|
61
|
+
-r, [--retry], [--no-retry] # retry any domain that errored out; usually due to a connection reset
|
62
|
+
-s, [--flips-only], [--no-flips-only] # limit output to just flips
|
63
|
+
-u, --url=URL # url to generate shifts for
|
64
|
+
-v, [--verbose=VERBOSE] # print verbose output
|
65
|
+
|
66
|
+
```
|
67
|
+
|
68
|
+
#### Require
|
69
|
+
|
70
|
+
Or require the gem with
|
71
|
+
```ruby
|
72
|
+
require "bitter_domain"
|
73
|
+
```
|
74
|
+
|
75
|
+
And instantiate a mapper like so:
|
76
|
+
|
77
|
+
```ruby
|
78
|
+
mapper = BitterDomain::DomainMapper.new("google.com")
|
79
|
+
```
|
80
|
+
|
81
|
+
`DomainMapper` includes a few instance methods for generating and testing domains
|
82
|
+
- `#gen_shifts` will generate and return a list of shifted domains
|
83
|
+
- `#print_shifts` will print out just the shifted domains
|
84
|
+
- `#check_domains` will test the availability of the shifted domains using `whois`
|
85
|
+
- `#print_verbose` and `#print_availabile` are two little output printers for the tested/available domains
|
26
86
|
|
27
|
-
## Development
|
28
87
|
|
29
|
-
|
88
|
+
## PS
|
30
89
|
|
31
|
-
|
90
|
+
#### HAVE FUN AND DON'T BE A JERK
|
32
91
|
|
33
|
-
## Contributing
|
34
92
|
|
35
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/axylos/bitter_domain.
|
36
93
|
|
37
94
|
## License
|
38
95
|
|
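Review bot: the usage example `bitter_domain --url <source domain>` and the pasted help text `bitter_domain get a list of bit flipped domains -u, --url=URL` disagree about whether a subcommand name is needed; the bin hunk below defines the command as `gen_shifts` on a Thor class, so either document `bitter_domain gen_shifts --url ...` or state that it is the default command. The help output also shows `[--verbose=VERBOSE]`, meaning `-v` currently demands a value, while the prose above describes it as a plain flag. Minor: `#print_availabile` is misspelled (the executable calls `print_available`), and the `## Contributing` section with the GitHub link is dropped; since the gemspec now gains a homepage, keep that pointer in the README.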
data/bin/bitter_domain
CHANGED
@@ -13,14 +13,15 @@ class CLI < Thor
|
|
13
13
|
method_option :url, aliases: ['-u'], desc: 'url to generate shifts for', required: true
|
14
14
|
method_option :verbose, aliases: ['-v'], desc: 'print verbose output'
|
15
15
|
def gen_shifts()
|
16
|
+
puts "Generating shifted domains"
|
16
17
|
mapper = BitterDomain::DomainMapper.new(options[:url])
|
17
|
-
|
18
|
+
mapper.gen_shifts
|
19
|
+
puts "#{mapper.shifted_domains.length} domains generated"
|
18
20
|
|
19
21
|
if options["flips-only".to_sym]
|
20
22
|
mapper.print_shifts
|
21
23
|
else
|
22
|
-
|
23
|
-
checker.test_domains
|
24
|
+
puts "Testing for available domains. This may take a few minutes"
|
24
25
|
mapper.check_domains(options[:retry])
|
25
26
|
options[:verbose] ? mapper.print_verbose : mapper.print_available
|
26
27
|
end
|
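Review bot: the new `puts` progress lines go to stdout and will interleave with the domain list, so piping the output into another tool picks up "Generating shifted domains" and "N domains generated" as if they were domains; write progress to `$stderr` (`warn "Generating shifted domains"`) and keep stdout for results. Removing `checker.test_domains` is correct, since `checker` is never assigned in this method. Two smaller points: `method_option :verbose` has no `type: :boolean`, so Thor treats `-v` as requiring a value (the README help shows `[--verbose=VERBOSE]`), and `options["flips-only".to_sym]` is an odd lookup; Thor exposes parsed options under the underscored name, so `options[:flips_only]` is the form to use, and it is worth confirming the current key actually matches the defined option.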
data/bitter_domain.gemspec
CHANGED
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
|
|
11
11
|
|
12
12
|
spec.summary = %q{Generate urls with a single bit flipped for researching bit squatting}
|
13
13
|
spec.description = %q{Get a list of available domains 1 bit away from a given domain}
|
14
|
-
spec.homepage = "https://github.com/Axylos/
|
14
|
+
spec.homepage = "https://github.com/Axylos/bitter_domain"
|
15
15
|
spec.license = "MIT"
|
16
16
|
|
17
17
|
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
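Review bot: filling in `spec.homepage` is fine; the commented `allowed_push_host` TODO left over from the gemspec template can go in the same change now that the gem is published.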
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
|
|
20
20
|
#spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
|
21
21
|
|
22
22
|
spec.metadata["homepage_uri"] = spec.homepage
|
23
|
-
spec.metadata["source_code_uri"] = "https://github.com/Axylos/
|
23
|
+
spec.metadata["source_code_uri"] = "https://github.com/Axylos/bitter_domain"
|
24
24
|
#spec.metadata["changelog_uri"] = "none"
|
25
25
|
else
|
26
26
|
raise "RubyGems 2.0 or newer is required to protect against " \
|
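Review bot: `changelog_uri` stays commented out while this release jumps from 0.1.1 to 0.1.4 in one published diff; a CHANGELOG plus `spec.metadata["changelog_uri"]` would let consumers see what changed between those versions without diffing the gem.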
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bitter_domain
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- axylos
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-08-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: colorize
|
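Review bot: `cert_chain: []` means the gem is unsigned, so the digests in checksums.yaml are the only integrity data and they are produced by the same build; signing the release (`gem cert` and `spec.signing_key`) would let `gem install -P HighSecurity` verify origin. Also, the version here is 0.1.4 while the shipped Gemfile.lock above still says 0.1.2.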
@@ -160,6 +160,7 @@ extra_rdoc_files: []
|
|
160
160
|
files:
|
161
161
|
- ".gitignore"
|
162
162
|
- ".rspec"
|
163
|
+
- ".ruby-version"
|
163
164
|
- ".travis.yml"
|
164
165
|
- Gemfile
|
165
166
|
- Gemfile.lock
|
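Review bot: `.ruby-version` and `Gemfile.lock` are both in the shipped `files:` list; neither is used by consumers of a library gem (Bundler ignores a dependency's lockfile), and they only add stale version data to the package, as the 0.1.2 lock in this release shows. Exclude development-only files from `spec.files` in the gemspec.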
@@ -176,12 +177,12 @@ files:
|
|
176
177
|
- lib/bitter_domain/domain_checker.rb
|
177
178
|
- lib/bitter_domain/domain_mapper.rb
|
178
179
|
- lib/bitter_domain/version.rb
|
179
|
-
homepage: https://github.com/Axylos/
|
180
|
+
homepage: https://github.com/Axylos/bitter_domain
|
180
181
|
licenses:
|
181
182
|
- MIT
|
182
183
|
metadata:
|
183
|
-
homepage_uri: https://github.com/Axylos/
|
184
|
-
source_code_uri: https://github.com/Axylos/
|
184
|
+
homepage_uri: https://github.com/Axylos/bitter_domain
|
185
|
+
source_code_uri: https://github.com/Axylos/bitter_domain
|
185
186
|
post_install_message:
|
186
187
|
rdoc_options: []
|
187
188
|
require_paths:
|