in Uncategorized, websec

WILSON Cloud Respwnder

If you’re a Burp Suite user, you’ll be familiar with Burp Collaborator: a service that allows you to monitor out-of-band interactions to a remote server, which can indicate a potential security vulnerability. More recently, Projectdiscovery.io have come up with their alternative Interactsh which achieves the same goals.

However, I found that I sometimes wanted to keep receiving notifications of potential interactions long after I closed Burp for the day or killed my Interactsh sessions. Moreover, in many cases I wanted to not only point an application to a random URL, but to a specific file under my control. To address those needs I created a setup with a self-hosted DNS server and an NGINX web server which I have been running for over two years. I’m happy to introduce my solution today.

WILSON Cloud Respwnder is a Web Interaction Logger Sending Out Notifications (WILSON). With WILSON you can setup your own fully functional web and DNS servers with transparent logging of all incoming DNS and HTTP requests to a Slack or Discord channel.

Features include:

  • Monitor DNS and HTTP requests in real-time without time window constraints. Continue receiving notifications for weeks or months on end to find more bugs;
  • Send notifications to Slack and/or Discord webhooks;
  • View the complete HTTP requests in your logs, including POST bodies;
  • By default resolves every subdomain.yourdomain.com to the same web server, allowing you to choose meaningful names that are easy to work with;
  • Filter out specific domains from cluttering your notifications by adding them to /data/blacklist.txt;
  • Modify and serve your own content on the PHP web server by writing files to /www;
  • A full NGINX server is at your disposal for advanced configuration options;
  • A full bind9 DNS server allows you to host arbitrary DNS records for advanced test cases;

Getting a working copy should be reasonably straightforward, but do make you have the following in place:

  • a registered domain name, preferably one you won’t mind typing hundreds of times a day, so you may want to consider getting a short one;
  • docker-compose;
  • a Slack or Discord channel with a webhook URL to send alerts to;

Now head over to the GitHub repository fore more information and get started!

Write a Comment

Comment