undefined | Better HN

0 pointsjtolj11y ago0 comments

Not following how this might present a security issue, but I'm curious for you to expand on this. Seems like even if the DNS record managed to change in the midst of a POST request, the post would pretty obviously fail to perform as expected.

But yes, an obvious disclaimer of "don't trust me by POSTing your bank passwords to any of these subdomains" might be in order.

0 comments

2 comments · 2 top-level

thedufer11y ago

You can trivially farm data that people are sending to their local apps by having DNS occasionally change to an IP you own (and then immediately back, to avoid detection). On that IP, you would have something that remembers the parts of the request that might be interesting (query parameters, body) and return a benign-looking error (just severing the connection without a response would probably do it). At the very least, you'd probably get some email/pass pairs that work on a few major sites.

extc11y ago

From your browser's perspective, the POST would fail, if it expected a certain response. That would happen after the site already recorded the contents of your POST.

j / k navigate · click thread line to collapse