bitter_domain 0.1.1 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50cc7524ec85308d7779171078697a4375c44b4cd064de0bcb854d000e72d225
-  data.tar.gz: 72f92a81a31b21799d83b7dc3c2da4773168feded8a0322ac2d6db7f25cc2c2a
+  metadata.gz: cc2adbd9a0bfbfec7dc35356bcdb15075c0e71bf41568d75293f501188ea7b9a
+  data.tar.gz: 626641a0677c6938b18ade6a259804b52f3a217b685655d76f5df96f7939ed69
 SHA512:
-  metadata.gz: 599de2c0dd413a33d9e74f7fc6365cfcc4644e8af0c513af7e0c0601d03ac1c8f0e313c7313c930a179d7429a1077c8aa48faae7a53aa8ff38b52e3c327fd840
-  data.tar.gz: 9e37fe354980e43e04c887a3b4393ee0e33b1cdf9adff87c4b017e65cd9e46aa5f846678869022c01af4215929358aca623a8b07adc046fd46b3efb754844290
+  metadata.gz: 73547ec3b82f3a6cfa6957694638b5eaa93025421a3e408b15b21179b109ed963072c9c6b1677e04aa7f3edd26282585ecc17303036d41c94ffc4ee5ad97a397
+  data.tar.gz: cbca5b7ee24407c704a974c98877e7256e89ca6186a207a1812816c6be779e1ab289b46ebfd9c28c1763c60bf43d0a0a12b8220a24dfd348ff6734a17d9a9746

data/.ruby-version

@@ -0,0 +1 @@
+2.6.3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    bitter_domain (0.1.0)
+    bitter_domain (0.1.2)
       colorize
       public_suffix
       whois (~> 4.0.8)
@@ -52,7 +52,7 @@ GEM
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    public_suffix (3.0.3)
+    public_suffix (4.0.0)
     rake (10.5.0)
     rb-fsevent (0.10.3)
     rb-inotify (0.10.0)

data/README.md

@@ -1,8 +1,23 @@
 # BitterDomain
+A Ruby gem for generating domains 1 bit away from a source domain and checking the availability of the generated domains.
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/bitter_domain`. To experiment with that code, run `bin/console` for an interactive prompt.
+### DISCLAIMER
+This project is for *research purposes only*.  So don't use it for malicious nonsense or send nasty stuff in response to legitimate HTTP requests.  If you want to actually register one of these generated domains and set up a server to listen for requests, sending a `404` to all incoming requests if probably a good idea.
 
-TODO: Delete this and the text above, and describe your gem
+### Description
+A Ruby gem for generating domains 1 bit away from a source domain and checking the availability of the generated domains.
+This project was inspired from a series of Defcon presentations on `bit squatting`.
+
+[The original video](https://www.youtube.com/watch?v=aT7mnSstKGs)
+[A second presentation further exploring the vulnerability](https://www.youtube.com/watch?v=IhwE1S4x36s)
+
+`Bit squatting` is a close cousin to `typo squatting`, viz., a user makes a typo when entering a common url in a browser address bar and unintentionally makes a request to a domain including the typo that a malicious user has registered.  Rather than typos, bit squatting leverages common hardware errors (bit errors) that yield domains that are _1 bit off from the source domain_, e.g., `instagram.com` -> `instagbam.com`.  According to the videos above, these errors generate a very high number of potential requests sent to domains with the aforementioned pathological structure.
+
+To exploit this vulnerability, an attacker may generate a list of domains 1 bit off from common domains, then register the "bit-flipped" domains, and finally spin up a web server to send responses to these requests from users who intended to make a request to the common source domain but have been routed to the "bit squatted" domain.
+
+`BitterDomain` is a gem for generating bit-flipped domains.  It does not include a server or other logging utilities.  I wrote a small go server for tracking incoming HTTP requests and headers.  After registering around 5 domains for flipped versions of facebook's cdn and instagram api domains, I received 3-4 _highly probable_ requests that were intended to be sent to facebook.  A high amount of garbage also came in, but that's sufficient evidence for me to conclude that the vulnerability is still exploitable, at least with a minimal amount of set up.
+
+`whois` and `whois-parser` are used for checking the DNS availability of the generated domains.
 
 ## Installation
 
@@ -22,17 +37,59 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+#### CLI
+
+`BitterDomain` comes with an executable:
+
+```bash
+$ bitter_domain --url <source domain>
+```
+
+where `source domain` could be something like `google.com` or `apopulardomain.net`.  Notice that subdomains or protocols are unnecessary, since all that is required is the domain name and extension.
+
+The default command prints out a list of available domains that are 1 bit removed from the source url. 
+
+*This may take a few minutes*.  All of the calls to `whois` servers can take some time.
+
+The CLI accepts flags for verbose output or the flips only without checking their availability.
+
+```
+Usage:
+  bitter_domain get a list of bit flipped domains -u, --url=URL
+
+Options:
+  -r, [--retry], [--no-retry]            # retry any domain that errored out; usually due to a connection reset
+  -s, [--flips-only], [--no-flips-only]  # limit output to just flips
+  -u, --url=URL                          # url to generate shifts for
+  -v, [--verbose=VERBOSE]                # print verbose output
+
+```
+
+#### Require
+
+Or require the gem with
+```ruby
+require "bitter_domain"
+```
+
+And instantiate a mapper like so:
+
+```ruby
+mapper = BitterDomain::DomainMapper.new("google.com")
+```
+
+`DomainMapper` includes a few instance methods for generating and testing domains
+- `#gen_shifts` will generate and return a list of shifted domains
+- `#print_shifts` will print out just the shifted domains
+- `#check_domains` will test the availability of the shifted domains using `whois`
+- `#print_verbose` and `#print_availabile` are two little output printers for the tested/available domains
 
-## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+## PS
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+#### HAVE FUN AND DON'T BE A JERK
 
-## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/axylos/bitter_domain.
 
 ## License
 

data/bin/bitter_domain

@@ -13,14 +13,15 @@ class CLI < Thor
   method_option :url, aliases: ['-u'], desc: 'url to generate shifts for', required: true
   method_option :verbose, aliases: ['-v'], desc: 'print verbose output'
   def gen_shifts()
+    puts "Generating shifted domains"
     mapper = BitterDomain::DomainMapper.new(options[:url])
-    shifted_domains = mapper.gen_shifts
+    mapper.gen_shifts
+    puts "#{mapper.shifted_domains.length} domains generated"
 
     if options["flips-only".to_sym]
       mapper.print_shifts
     else
-      checker = BitterDomain::DomainChecker.new(shifted_domains)
-      checker.test_domains
+      puts "Testing for available domains.  This may take a few minutes"
       mapper.check_domains(options[:retry])
       options[:verbose] ? mapper.print_verbose : mapper.print_available
     end

data/bitter_domain.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
 
   spec.summary       = %q{Generate urls with a single bit flipped for researching bit squatting}
   spec.description   = %q{Get a list of available domains 1 bit away from a given domain}
-  spec.homepage      = "https://github.com/Axylos/squat_logs"
+  spec.homepage      = "https://github.com/Axylos/bitter_domain"
   spec.license       = "MIT"
 
   # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
     #spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
 
     spec.metadata["homepage_uri"] = spec.homepage
-    spec.metadata["source_code_uri"] = "https://github.com/Axylos/squat_logs"
+    spec.metadata["source_code_uri"] = "https://github.com/Axylos/bitter_domain"
     #spec.metadata["changelog_uri"] = "none"
   else
     raise "RubyGems 2.0 or newer is required to protect against " \

data/lib/bitter_domain/domain_mapper.rb

@@ -59,6 +59,7 @@ module BitterDomain
     end
 
     def print_available
+      puts "Here are the available shifted domains"
       self.checker.print_available
     end
 

data/lib/bitter_domain/version.rb

@@ -1,3 +1,3 @@
 module BitterDomain
-  VERSION = "0.1.1"
+  VERSION = "0.1.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bitter_domain
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.4
 platform: ruby
 authors:
 - axylos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-04 00:00:00.000000000 Z
+date: 2019-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -160,6 +160,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".ruby-version"
 - ".travis.yml"
 - Gemfile
 - Gemfile.lock
@@ -176,12 +177,12 @@ files:
 - lib/bitter_domain/domain_checker.rb
 - lib/bitter_domain/domain_mapper.rb
 - lib/bitter_domain/version.rb
-homepage: https://github.com/Axylos/squat_logs
+homepage: https://github.com/Axylos/bitter_domain
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/Axylos/squat_logs
-  source_code_uri: https://github.com/Axylos/squat_logs
+  homepage_uri: https://github.com/Axylos/bitter_domain
+  source_code_uri: https://github.com/Axylos/bitter_domain
 post_install_message: 
 rdoc_options: []
 require_paths: