Browsers protect against DNS rebinding by caching DNS entries for the entire browser session, even if the time-to-live sent by the server is short.
This demo attempts to steal a (harmless) HTML file from
You need to visit this page twice; try closing your browser and opening it again.
(This uses the DNS thing and chargen to save some work)
Everything should verify the Host header. Everything. Also, SSL everywhere.
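A request that arrives through a rebound name still carries the original (attacker-controlled) hostname in its Host header, so a server that only answers for names it knows rejects it. The following is an added example, not code from this demo: a strict Host allowlist as WSGI middleware, where the hostnames in `ALLOWED_HOSTS` and all function names are assumptions.

```python
# Added example: Host header allowlist as WSGI middleware.
# ALLOWED_HOSTS holds constructed sample values, not names from the page.
ALLOWED_HOSTS = {"intranet.example", "localhost", "127.0.0.1", "[::1]"}


def parse_host(header):
    """Split a Host header into (hostname, port); None if missing or malformed."""
    if not header:
        return None
    value = header.strip()
    if value.startswith("["):                 # IPv6 literal such as [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[:end + 1], value[end + 1:]
    else:
        host, sep, tail = value.partition(":")
        rest = sep + tail
    port = None
    if rest:                                  # must be ":" followed by digits
        digits = rest[1:]
        if rest[0] != ":" or not (digits.isascii() and digits.isdigit()):
            return None
        port = int(digits)
    host = host.rstrip(".").lower()           # "Example.COM." == "example.com"
    return (host, port) if host else None


def is_allowed_host(header, allowed=ALLOWED_HOSTS):
    """True only when the header names a host this service answers for."""
    parsed = parse_host(header)
    return parsed is not None and parsed[0] in allowed


def host_check(app, allowed=ALLOWED_HOSTS):
    """Wrap a WSGI app so requests with an unexpected Host get a 400."""
    def wrapped(environ, start_response):
        if not is_allowed_host(environ.get("HTTP_HOST"), allowed):
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unrecognised Host header\n"]
        return app(environ, start_response)
    return wrapped
```

The check matches on the exact hostname rather than a suffix or substring, and a missing Host header is rejected rather than treated as a default.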