This Burp Extension assists in exfiltration of blind Remote Code Execution output and SQL injection output over DNS via Burp Collaborator.

RCE Exfiltration

Usage

1. Select a platform from the dropdown menu.
2. Enter the desired command.
3. Press "Execute". This will generate a payload for your chosen platform.
4. Select "Copy payload to clipboard".
5. Execute the generated payload on your target.
6. Wait for results to appear in the output window.

Supported RCE targets

• Windows (Powershell)
• Linux (sh + ping)
• Linux (sh + nslookup)
• Linux (bash + ping)
• Linux (bash + nslookup)

SQLi Exfiltration

Usage

1. Select a DBMS and extraction query type from the dropdown menu.
2. Toggle between hex encoding output during DNS exfiltration (to preserve special characters, spaces, etc) or plaintext exfiltration.
3. Press "Dump". This will generate a payload for the chosen DBMS.
4. Select "Copy payload to clipboard".
5. Run the generated SQL query on your target.
6. Wait for results to appear in the output window.
   Extracted "table" and "column" data will populate in subsequent "column" and "row" payloads.

Supported SQLi targets

• Microsoft SQL Server (Stacked Queries)
• MySQL (Windows)
• PostgreSQL (Elevated Privileges)
• Oracle (Elevated Privileges)
• Oracle (XML External Entities)