General hint for exfiltrating data

Written on 19.11.2019 23:07 by Ben Stock

I have seen that some students struggled with exfiltrating sensitive information out of screecher, e.g., because they ran into issues with encoding of payloads and such.

An alternative approach to this is to have a "landing page" on your attacker domain to which you can redirect the crawler and pass the information you want to extract via the URL fragment. You can then use that "landing page" to do the heavy lifting of posting to your leak endpoint. That has the benefit of having that boilerplate code only once.
