Chkdfront checks if your domain fronting is working by testing the targeted domain (fronted domain) against your domain front domain.
Features
Also Read – Pocsuite3 : Open-Sourced Remote Vulnerability Testing Framework
Installation
$ gem install chkdfront
Usage
Help menu:
-f, –front-target URL Fronted target domain or URL.
e.g. images.businessweek.com
-d, –domain-front DOMAIN DomainFront domain.
e.g. df36z1umwj2fze.cloudfront.net
-e, –expect STRING Expect a given string that indicates success. (case-sensitive) e.g. It works
-p, –provider NUM Choose CDN / Domain Front Provider:
[0] Auto (default – auto tune request.
Extra request to detect)
[1] Amazon (tune request for Amazon domain fronting)
[2] Azure (tune request for Azure domain fronting)
[3] Alibaba (tune request for Alibaba domain fronting)
-t, –troubleshoot [DOMAIN] Force troubleshooting procedures. execute troubleshooting procedures(ping, http,nslookup) for all parties (optional: original domain where CDN forwards, to include in the checks) e.g. c2.mydomain.com
–proxy USER:PASS@HOST:PORT Use proxy settings if you’re behind proxy. e.g. user1:Pass123@localhost:8080
–debug Force debugging. show response’s body and low-level request and response debug trace. (default enabled when test fails.)
-h, –help Show this message.
Usage:
/usr/local/bin/chkdfront
Example:
/usr/local/bin/chkdfront -f images.businessweek.com -d df36z1umwj2fze.cloudfront.net
/usr/local/bin/chkdfront -f images.businessweek.com -d df36z1umwj2fze.cloudfront.net –debug -t c2.mysite.com
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…