Hook and Control secret value #38
Comments
|
Hello, I've just tested with the latest version of Singularity, compiled with Go version "1.16.3", since we made a code change yesterday. It works for me. Maybe you pasted extraneous spaces? if the server returns "Temporary secret: 8cf4dbe7a4c056d0ae1b02f22026ae16287f88f4", you must copy and paste "8cf4dbe7a4c056d0ae1b02f22026ae16287f88f4" in your web browser. |
|
WebSocket connection to 'ws://ipaddress:3129/soows' failed: it shows as if there was a problem in the code below: |
|
Uncaught (in promise) TypeError: headers.get is not a function |
|
I've successfully tried "Hook and Control" against a service listening on localhost, with the latest version of the code and with the following configuration:
It looks like DNS rebinding did not work in the log you provided above, but there is too little information to confirm. Did you try the the "Simple Fetch Get" payload first before trying "Hook and Control"? Did it work? Can you provide more details on your environment, client and Singularity setup and target service? |
|
I found my error. Thanks |
Hook and Control (hook-and-control.js): Hijack target browsers and use them to access inaccessible resources from your own browser or other HTTP clients. You can retrieve the list of hooked browsers on the "soohooked" sub-domain of the Singularity manager host on port 3129 by default e.g. http://soohooked.rebinder.your.domain:3129/. To authenticate, submit the secret value dumped to the console by the Singularity server at startup.
The text was updated successfully, but these errors were encountered: