Some notes, mainly for myself.
Installing the Tor Browser on Windows can be done without administrative rights.
Start the Tor Browser and configure it:
Meek is a Tor pluggable transport for domain fronting, I select Amazon for domain fronting:
Tor Browser supports proxies:
Then I can connect to the Tor network with TLS via an Amazon server:
And then go to a web site to exfiltrate data:
In the packet capture, I just see DNS requests for a0.awsstatic.com followed by a TLS connection:
[…] Didier Stevens shows data exfil through Pastebin using the Tor browser and highlights that it is not indicated in a packet capture. Quickpost: Data Exfiltration With Tor Browser And Domain Fronting […]
Pingback by Week 3 – 2018 – This Week In 4n6 — Sunday 21 January 2018 @ 3:08
[…] can also use Tor browser in stead of Tor, but then I need to connect to port […]
Pingback by Quickpost: Retrieving Malware Via Tor On Windows | Didier Stevens — Sunday 21 January 2018 @ 22:46
Pretty neat!
Comment by xax0 — Tuesday 23 January 2018 @ 22:14
[…] Quickpost: Data Exfiltration With Tor Browser And Domain Fronting […]
Pingback by Overview of Content Published In January | Didier Stevens — Thursday 1 February 2018 @ 0:00
[…] Tor and domain fronting are also a great way to bypass filters where HTTPS inspection is not looking for a mismatch between outer and inner names https://blog.didierstevens.com/2018/01/20/quickpost-data-exfiltration-with-tor-browser-and-domain-fr… […]
Pingback by Data exfiltration techniques | Pen Test Partners — Thursday 31 October 2019 @ 15:31