
Understanding the risks associated with localhost development is crucial for security professionals. Two major threats—CORS misconfigurations and DNS rebinding—can expose local services to remote attacks.
You Should Know:
1. CORS (Cross-Origin Resource Sharing) Misconfigurations
CORS is designed to restrict cross-origin requests, but misconfigurations can allow attackers to bypass same-origin policies.
Example of a Vulnerable CORS Configuration (Node.js):
    const express = require('express');
    const app = express();
    app.use((req, res, next) => {
      // Dangerous! The wildcard lets any origin read the response.
      // (The original post's "*" was lost in extraction and is restored here.)
      res.header("Access-Control-Allow-Origin", "*");
      res.header("Access-Control-Allow-Methods", "GET, POST");
      next();
    });
    app.get('/sensitive-data', (req, res) => {
      // Secrets served over a wildcard CORS policy are readable by any page.
      res.json({ user: 'admin', token: 'secret123' });
    });
    app.listen(3000, () => console.log('Server running on port 3000'));
Mitigation:
res.header("Access-Control-Allow-Origin", "https://trusted-domain.com");
2. DNS Rebinding Attacks
Attackers can bypass IP-based restrictions by rebinding a domain to a localhost IP: the browser loads a page from an attacker-controlled domain, the domain's DNS answer then switches to 127.0.0.1, and the page's subsequent requests reach local services while the browser still treats them as same-origin.
Testing DNS Rebinding Locally:
- Modify `/etc/hosts` to point a domain to a local IP:
echo "127.0.0.1 malicious-site.com" | sudo tee -a /etc/hosts
- Use a tool like `dnschef` to simulate DNS rebinding:
sudo dnschef --fakeip 127.0.0.1 --interface 0.0.0.0 --nameservers 8.8.8.8
Prevention:
- Disable wildcard (0.0.0.0) binding for local services.
- Use firewall rules to block unauthorized localhost access (the ACCEPT rule must come before the DROP rule, otherwise legitimate loopback traffic is dropped):
    sudo iptables -A INPUT -s 127.0.0.1 -j ACCEPT   # allow genuine loopback traffic
    sudo iptables -A INPUT -i lo -j DROP            # drop everything else arriving on lo
3. Securing Local Services
- Disable unused services:
sudo systemctl stop apache2 mysql
- Use authentication for local APIs:
curl -u user:pass http://localhost:3000/api
- Check open ports:
netstat -tulnp | grep LISTEN
What Undercode Says
Localhost is not inherently safe. Attackers exploit weak CORS policies and DNS rebinding to hijack local services. Developers must enforce strict access controls, disable unnecessary services, and monitor network activity.
Expected Output:
- Secure CORS headers (Access-Control-Allow-Origin restricted to trusted origins).
- Firewall rules blocking unauthorized localhost access.
- Regular port scans to detect exposed services.
Reference:
Localhost dangers: CORS and DNS rebinding
Prediction
As web applications grow more complex, localhost vulnerabilities will be increasingly exploited in supply chain attacks. Zero-trust architectures and stricter CORS policies will become standard defenses.
References:
Reported By: Devansh Batham – Hackers Feeds