7 votes

Tunneling into a private network through JavaScript

4 comments

  1. Shamar

    This Proof-of-Concept describes how any website you visit, their hosting provider and any CDN they trust, can bypass your firewall and proxy and tunnel into your private network.

    It's a polite and expanded version of a similar PoC exploit that leaks the ports open on your machine with a simulated DNS rebinding attack.

    To understand the severity of the issue, you should consider what happens when you have several tabs open and are authenticated on a local service: the whole browser session is authenticated, not just a single tab (indeed, if you open a new tab into the same authenticated service you don't need a new login).

    3 votes
  2. teaearlgraycold

    Thankfully this PoC is thwarted by the VPN software I use.

    It says 192.168.1.0 is UP but freezes completely after that.

    3 votes
    1. Shamar

      Interesting. Which one freezes? The browser or the VPN?

      If the browser, would you mind taking a look at your browser's network logs during its execution?
      I've tried it in several (professionally configured) networks and it worked like a charm (obviously after adapting the IP range).

      1. teaearlgraycold

        Presumably the onerror callback is never invoked after the first time.

        The network analyzer shows an open connection for 192.168.1.1 with no headers or data.

        1 vote