Quickpost: Data Exfiltration With Tor Browser And Domain Fronting

Some notes, mainly for myself.

Installing the Tor Browser on Windows can be done without administrative rights.

Start the Tor Browser and configure it:

20180121-000840.png?w=775&h=592775×592

20180121-000910.png?w=662&h=563662×563

Meek is a Tor pluggable transport for domain fronting, I select Amazon for domain fronting:

20180121-000937.png?w=667&h=566667×566

Tor Browser supports proxies:

20180121-000953.png?w=664&h=565664×565

20180121-001052.png?w=658&h=560658×560

Then I can connect to the Tor network with TLS via an Amazon server:

20180121-001137.png?w=1024&h=6151024×615

And then go to a web site to exfiltrate data:

20180121-001335.png?w=1024&h=6081024×608

20180121-001444.png?w=1024&h=6001024×600

In the packet capture, I just see DNS requests for a0.awsstatic.com followed by a TLS connection:

20180121-004207.png?w=1024&h=3951024×395

Quickpost info

Article Link: https://blog.didierstevens.com/2018/01/20/quickpost-data-exfiltration-with-tor-browser-and-domain-fronting/