reddit hackernews mail facebook facebook linkedin


A malicious DNS server for executing DNS Rebinding attacks on the fly.

Whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves.

What's great about dynamic DNS Rebinding rules is that you don't have to spin up your own malicious DNS server to start exploiting the browser's Same-origin policy. Instead, everyone can share the same public whonow server running on port 53 of

The beauty of whonow is that you can define the behavior of DNS responses via subdomains in the domain name itself. Using only a few simple keywords: A, (n)times, forever, and repeat, you can define complex and powerful DNS behavior.