Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files
00:00 - Introduction, why I created this script and a quick demo
01:00 - Going over XML Entity Injection, doing it manually and explaining what the payloads are
05:30 - Sponsor shoutout, showing Snyk scan the source code to this application and catching the XXE
06:30 - Patching the code, asking Github Copilot for a proper way to fix it and it recommends disabling loading XML Entity off remote sources
09:55 - Making sure Snyk is happy with our code fix and going over some other findings
11:04 - Start of coding the XXE Script, creating the webserver
16:40 - Putting our webserver in a thread so we can also run a CLI
18:30 - Talking about how and why we are just going to use a global variable with our thread
19:20 - Having our terminal able to update the payload variable, so we can easily change files we want to exfil
22:30 - Creating a function to read an HTTP Request copied from Burp, so we can use it with python requests
29:28 - Testing out our function, and discovering we need to fix the path
33:20 - The skeleton of the script is done, adding in the logic to actually perform the XXE Attack but putting the file name in the wrong spot.
38:15 - Running our script and fixing up a few bugs
40:44 - Fixing up where we placed the file in our XXE Payload
42:15 - Adding comments in our code as we glance over it
43:30 - Adding some login in our script to tell the python server it is base64, which should help future proof it for doing XXE with other languages
47:30 - Adding argparse to our program, so we can get rid of hard coded variables
50:50 - Parsing the LHOST variable from the request file we have, so the server will send the file to the right location
