Data Exfiltration

Web Server

HTTP Server

💡 To host web pages (.html, .js, etc.) on http://localhost:80, cd to file directory and then start the SimpleHTTPServer.

Local HTTP server that displays all requests like a webhook. Also works on Windows 🙂

# Python 2.7
python -m SimpleHTTPServer 80

# Python 3.x
python -m http.server

On Windows, in CMD window:

cd C:\<website directory>
C:\Python27\python.exe -m SimpleHTTPServer 8081

Webhook

Exfiltrate data (e.g. cookies in parameter) with a webhook:

• Burp Suite‘s Collaborator (PRO version only)
• Ngrok
• Webhook.site – All requests to this website are logged, exfiltrate data via parameters – FLAGGED BY OTX 🙁
• Requestbin

Temporary email addresses

• http://www.yopmail.com/en/
• https://webhook.site
• Duck Duck Go Email Protection – email forwarder

Temporary File Storage

• tmpfiles.org

Paste

• Offsec paste

DNS

See Domain Name System (DNS) – port 53.

Use dnserver.

sudo pip install dnserver

Download example file example_zones.toml.

wget -O zones.toml https://raw.githubusercontent.com/samuelcolvin/dnserver/main/example_zones.toml

Replace example.com by your domain, like myprecious.pwn, in the zones.toml file.

sudo python3 -m dnserver --port 5053 zones.toml

Test:

dig @myprecious.pwn -p 5053 myprecious.pwn MX