PacketWhisper – Stealthily Exfiltrating Data over DNS Queries

PacketWhisper: stealthily transfer data and defeat attribution using DNS queries and text-based steganography, without the need for attacker-controlled name servers or domains; evade DLP/MLS devices; defeat data and DNS name server whitelisting controls.


The tool combines DNS queries with text-based steganography. Leveraging the Cloakify Toolset, it transforms the payload into a list of FQDN strings and uses that list to create sequential DNS queries, transferring the payload across (or within) network boundaries, with the data hidden in plain sight, and without the two systems ever directly connecting to each other or to a common endpoint.

To receive the data, run a packet capture, collect the PCAP file, and load it back into PacketWhisper, which extracts the payload and returns the transferred data.

DNS is an attractive protocol to use because, even though it’s a relatively slow means of transferring data, DNS is almost always allowed across network boundaries, even on the most sensitive networks.
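From the defender's side, the sequential queries described above appear in resolver logs as one client requesting many distinct names in a short span. The following is an added example (not part of PacketWhisper or the original post) that flags that pattern in a constructed log; the log format, thresholds, sample names, and the assumption that the encoded names share a parent domain are all illustrative.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed resolver log rows: (epoch_seconds, client_ip, queried_fqdn)."""
    rows = []
    # Ordinary workstation: a few names, repeated over several minutes.
    names = ["www.example.com", "mail.example.com", "cdn.example.net"] * 4
    for i, name in enumerate(names):
        rows.append((1000 + i * 20, "10.0.0.5", name))
    # Host issuing a steady run of one-off names under a single parent.
    for i in range(40):
        rows.append((1000 + i, "10.0.0.9", f"h{i:03d}.assets.example.org"))
    return sorted(rows)  # the detector expects time-ordered input

def parent_domain(fqdn):
    # Naive: last two labels. Use a public-suffix list in production.
    return ".".join(fqdn.rstrip(".").lower().split(".")[-2:])

def flag_bursts(rows, window_s=60, min_unique=25):
    """Return {(client, parent): peak distinct FQDNs in any window} for pairs
    that reach min_unique distinct names within window_s seconds."""
    windows = defaultdict(deque)  # (client, parent) -> deque of (ts, fqdn)
    hits = {}
    for ts, client, fqdn in rows:
        key = (client, parent_domain(fqdn))
        q = windows[key]
        q.append((ts, fqdn.lower()))
        # Drop entries that have aged out of the sliding window.
        while q and ts - q[0][0] > window_s:
            q.popleft()
        unique = len({name for _, name in q})
        if unique >= min_unique:
            hits[key] = max(hits.get(key, 0), unique)
    return hits

if __name__ == "__main__":
    for (client, parent), n in flag_bursts(build_sample()).items():
        print(f"{client} -> {parent}: {n} distinct names within 60s")
```

Thresholds need tuning against a baseline of normal resolver traffic, since CDNs and telemetry services also generate many distinct names under one parent.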

You can read more and download this tool over here: https://github.com/TryCatchHCF/PacketWhisper
