DNS exfiltration over HTTP is a stealthy attack that enables you to bypass web application firewalls. Not many security researchers and penetration testers fully understand it. So in this video, we dive deep into what DNS exfiltration is, how it works, and how to use it to bypass firewalls and maximize the impact. Make sure to subscribe and turn on the notifications bell.
{----- Lab -----}
github.com/leetCipher/bug-bou...
{----- Video chapters -----}
0:00 intro
0:13 lab setup
1:04 lab overview
1:33 fuzzing the vulnerable parameter
3:20 tcp vs udp traffic
4:13 what is dns
4:43 interactsh
5:17 installing interactsh
5:53 how dns servers handle domain queries
6:21 testing our theory
7:00 domain name anatomy
8:05 planning the attack/exfiltration
9:27 implementing the exploit in bash
10:33 running the exploit in burp suite
11:37 implementing the exploit in python
12:29 running the exploit in burp suite
12:57 decoding the payloads using python
13:45 adding even more constraints
14:27 adding a custom base64 encoding to our exploit
15:03 running the exploit in burp suite
15:18 decoding the exfiltrated payloads
16:03 outro
#hacking #bugbounty #penetrationtesting
Aug 2, 2024