31
8
I was reading an article about Server-Side Request Forgery. In that article the attacker found that 127.0.0.1
was open to the internet. The victim then blocked 127.0.0.1
, but because many other IPs and apparently also some domains are also resolved to to that, including the mysterious localtest.me
, he was able to bypass a weak text-based filter.
What is so special about
localtest.me
?Are there others? (And how to find them?)
UPDATE
I found: http://readme.localtest.me/
Apparently someone decided to register that domain in a funny way, for testing purposes:
Here’s how it works. The entire domain name localtest.me—and all wildcard entries—point to 127.0.0.1. So without any changes to your host file you can immediate start testing with a local URL.
However, I'm still not sure how you can register an external domain to a local one. This is confusing as a tracert localtest.me
never even leaves the machine. How is this handled on the low level?
I then found several more in these comments and elsewhere:
lvh.me
vcap.me
fuf.me - IPv4 and IPv6
ulh.us
127-0-0-1.org.uk
ratchetlocal.com
smackaho.st
42foo.com
beweb.com
yoogle.com
ortkut.com
feacebook.com
22This is really simple: Registering a domain name and assigning an IP address are two different things. Anyone can register any domain name for any reason. One must simply pay the domain registrar, going trough the virtual “paperwork” and then, like magic, you have a domain name. But then assigning an IP address to that domain is a whole different beast. Anyone can assign any IP address to a domain name. A domain name is simply a pointer that makes life easier. – JakeGould – 2017-12-29T06:06:16.223
One such domain name that is connected to quite some disturbance of the force recently is
bealocalhost.de
– Hagen von Eitzen – 2017-12-29T22:40:13.420