This Mermaid diagram visualizes the journey of carefully positioned exfil data on its way to an informed listener. The headers shown are examples: we've found Host headers to be the most popular; others work, and you should find them, but these are the top few.
So, if you imagine the high-integrity domains being something like Microsoft, your defense provider, an analytics service, or even just an associated domain that's been seen in your DNS TXT records or is a known service provider to your organization, this is more than enough for most web filtering systems and allowlists.
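A defender-side check for the pattern described above, as an added example that is not code from the original page or from the Data Bouncing project: it flags outbound requests in which a header names a domain unrelated to the destination and carries a long hex-encoded label. The proxy record layout, the placeholder header name `X-Other-Header`, all domains, and the 16-character hex threshold are assumptions.

```python
import re

# Hostname-shaped tokens inside a header value (e.g. "a1b2.listener.example").
HOSTNAME_RE = re.compile(r"\b(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}\b", re.I)
# Assumption: a label of 16+ hex characters is treated as encoded payload.
HEX_LABEL_RE = re.compile(r"^[0-9a-f]{16,}$", re.I)


def base_domain(host):
    """Naive last-two-labels base domain; use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def find_bounce_indicators(record):
    """Return (header, hostname) pairs whose hostname is foreign to the
    destination the request actually went to and carries a long hex label."""
    dest = base_domain(record["dest"])
    hits = []
    for name, value in record["headers"].items():
        for host in HOSTNAME_RE.findall(value):
            if base_domain(host) == dest:
                continue  # header agrees with the real destination
            sub_labels = host.split(".")[:-2]
            if any(HEX_LABEL_RE.match(label) for label in sub_labels):
                hits.append((name, host.lower()))
    return hits


# Constructed sample proxy records (not real traffic; every name is a placeholder).
SAMPLE_RECORDS = [
    {"dest": "www.trusted.example",
     "headers": {"Host": "www.trusted.example", "User-Agent": "Mozilla/5.0"}},
    {"dest": "www.trusted.example",
     "headers": {"Host": "68656c6c6f20776f726c6421.listener.example"}},
    {"dest": "cdn.trusted.example",
     "headers": {"Host": "cdn.trusted.example",
                 "X-Other-Header": "7365637265742d646174612d31.listener.example"}},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        for header, host in find_bounce_indicators(rec):
            print(f"ALERT dest={rec['dest']} header={header} value={host}")
```

The check needs logs that record both the connection's real destination (SNI or URL host) and the full request headers, which usually means a TLS-inspecting proxy.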
More on this topic
Surgeon Script
Working with specific parameters within web requests to Databounce
Data Bouncing With Jakoby
Data Bouncing - PowerShell version via Jakoby (Unit-259). This version uses hex in the hostname and defaults to a public interactsh (so you don't need your own DNS listener).
Identifying Candidates
Example One is a glimpse into what is needed to identify DataBouncing Candidates
Recruiter - Send stuff
Interactsh - Listen for stuff
Target List - Stuff to be sent
Bouncing with Nick Dunn
When we were conceptualizing data bouncing, Nick rolled his sleeves up and put together the first set of reliable Python tools to get data out and rebuilt via data bouncing. This is achieved over four scripts: https://github.com/N1ckDunn/DataBouncing/tree/main