Didier Stevens

Saturday 20 January 2018

Quickpost: Data Exfiltration With Tor Browser And Domain Fronting

Filed under: Quickpost — Didier Stevens @ 23:46

Some notes, mainly for myself.

Installing the Tor Browser on Windows can be done without administrative rights.

Start the Tor Browser and configure it:

Meek is a Tor pluggable transport for domain fronting; I select Amazon for domain fronting:

Tor Browser supports proxies:

Then I can connect to the Tor network with TLS via an Amazon server:

And then go to a web site to exfiltrate data:

In the packet capture, I just see DNS requests for a0.awsstatic.com followed by a TLS connection:
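The pattern described above (a DNS lookup for a0.awsstatic.com followed by a TLS connection) can be checked for in DNS and flow logs. The following is an added example, not part of the original post: the record layout, the 30-second window, the 1 MB upload threshold and all sample records are assumptions constructed for illustration. It flags only upload-heavy flows, since ordinary browsing of AWS pages also contacts this host.

```python
from datetime import datetime, timedelta

FRONT_DOMAIN = "a0.awsstatic.com"  # front domain named in the post
WINDOW = timedelta(seconds=30)     # assumed max gap between DNS lookup and TLS flow
MIN_BYTES_OUT = 1_000_000          # assumed: a static-asset host rarely receives large uploads

# Constructed sample records (not from a real capture): (timestamp, client, query name)
DNS_LOG = [
    ("2018-01-20T23:10:01", "10.0.0.5", "a0.awsstatic.com"),
    ("2018-01-20T23:12:40", "10.0.0.9", "a0.awsstatic.com."),
    ("2018-01-20T23:15:00", "10.0.0.7", "example.com"),
]
# Constructed flow records: (start, client, TLS SNI, bytes_out, bytes_in)
TLS_FLOWS = [
    ("2018-01-20T23:10:02", "10.0.0.5", "a0.awsstatic.com", 48_000_000, 2_100_000),
    ("2018-01-20T23:12:41", "10.0.0.9", "a0.awsstatic.com", 14_000, 900_000),
    ("2018-01-20T23:15:01", "10.0.0.7", "example.com", 5_000_000, 20_000),
]

def suspicious_front_flows(dns_log, tls_flows, domain=FRONT_DOMAIN):
    """Return flows to `domain` that follow a lookup by the same client and are upload-heavy."""
    lookups = {}
    for ts, client, qname in dns_log:
        # Normalise the query name: case-insensitive, optional trailing dot.
        if qname.rstrip(".").lower() == domain:
            lookups.setdefault(client, []).append(datetime.fromisoformat(ts))
    hits = []
    for start, client, sni, out_b, in_b in tls_flows:
        if sni.lower() != domain:
            continue
        t = datetime.fromisoformat(start)
        # The flow must start shortly after a lookup from the same client.
        preceded = any(timedelta(0) <= t - q <= WINDOW for q in lookups.get(client, []))
        # A CDN asset host normally sends far more than it receives.
        if preceded and out_b >= MIN_BYTES_OUT and out_b > in_b:
            hits.append({"client": client, "start": start,
                         "bytes_out": out_b, "bytes_in": in_b})
    return hits

if __name__ == "__main__":
    for hit in suspicious_front_flows(DNS_LOG, TLS_FLOWS):
        print(hit)
```
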

 

