I don't think you understand his hack - but then, that's understandable, because... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		javajosh on Sept 18, 2014 \| parent \| context \| favorite \| on: TXT Record XSS I don't think you understand his hack - but then, that's understandable, because it wouldn't work anyway without modifying the browser. You'd need a special client (or a proxy) to feed the content of DNS TXT record directly to the browser, because you're not using HTTP (or even TCP) anymore. Exercise for the reader (the proxy soln): write a server called txtdns.com that returns the content of TXT records as HTML. The path would look like http://txtdns.com/example.com - and the key is that the server is only accessing DNS, even though your client is using TCP and HTTP.

tripzilch on Sept 18, 2014 [–]

would make more sense to have it be a local proxy, IMO?

(and probably be easier to boot, given the right scripting language/libraries that should be doable in 10-30 lines of code or so)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact