Http-Protocol-Exfil – Exfiltrate Information The usage of The HTTP Protocol Model ( – CLAPPC

Breaking News

Use the HTTP protocol model to ship a report little by little (“HTTP/1.0” is a zero and “HTTP/1.1” is a 1). It makes use of GET requests so the Blue Workforce would most effective see the requests for your IP deal with. On the other hand, it takes a very long time to ship larger recordsdata, as an example it wishes 1 hour to ship 200 KB, and the volume of requests can be very top (8 instances the collection of bytes of the report).

Create listener

To run the listener use with one non-compulsory argument: the port it’ll be listening in.

python3 [PORT]


Ship a report

To ship a report use with two necessary arguments: the report trail and the url of the listener; and one non-compulsory argument: the identify of the report created remotely (if now not used, the identify of the enter report is used).



python3 -u "" -i check.txt -o updated_test.txt


First the report is shipped:

If the variable debug is about to True (it’s by means of default) you’ll see the binary values within the listener log messages:

The brand new report is created with the content material of the enter report:


I believe (It’s not that i am certain) I learn any person on Twitter who claimed to have used this to exfiltrate knowledge and I preferred the speculation, in case you are that particular person let me know.

Leave a Reply

Your email address will not be published. Required fields are marked *

Donate Us