A few days back I asked myself a question: how can I exfiltrate data from super-restricted networks, networks which allow only a certain number of IPs and domains? So my first question was: can I use Google to exfiltrate data? Turns out we can. We use Google. I thought of two methods. But why Google? Because even in the most restricted environments you can access Google, and businesses use tools like Google Docs, so it's mostly allowed.
- Use Google search (this technique is still a work in progress; I will update it once done).
- Use Google Forms.
Make a Google Form and disable "require sign in". Intercept a test response using Burp. This can be used as a reference for the data exfiltration script. There will be a field that will have the test data you inserted. Replace the test data with the payload.
This is the request. I replaced the email address field with a base64-encoded text to simulate data exfiltration. Automate it and you can use this to exfiltrate data from an extremely restricted environment. I added the gmail.com since the field only accepts email data.
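From the defender's side, the submission described above has a recognisable shape in proxy logs: a form POST whose email field has base64 text in front of the `@`. The check below is an added example, not part of the original post. It assumes a TLS-inspecting proxy that logs `<method> <url> <urlencoded body>`, and that Forms answers are sent as `entry.<id>` fields to a `/formResponse` path. The log lines and form ID are constructed placeholders.

```python
import base64
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: answers are POSTed to docs.google.com/forms/.../formResponse as
# entry.<id> fields, and the proxy logs decrypted request bodies.
FORM_PATH = re.compile(r"^/forms/(?:u/\d+/)?d/(?:e/)?[^/]+/formResponse$")
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def looks_like_base64(token, min_len=16):
    """True if token is valid base64 that decodes to mostly printable text."""
    if len(token) < min_len or not B64_TOKEN.match(token):
        return False
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return printable / len(raw) > 0.9


def suspicious_fields(line):
    """Return the entry.* fields in one proxy log line that carry base64."""
    method, url, body = line.split(" ", 2)
    parts = urlsplit(url)
    if (method != "POST" or parts.hostname != "docs.google.com"
            or not FORM_PATH.match(parts.path)):
        return []
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        # The post appends "@gmail.com" to pass validation; test what precedes it.
        local = value.rsplit("@", 1)[0]
        if name.startswith("entry.") and looks_like_base64(local):
            hits.append(name)
    return hits


# Constructed sample records ("<method> <url> <urlencoded body>"), not real traffic.
_URL = "https://docs.google.com/forms/d/e/FORM_ID_PLACEHOLDER/formResponse"
_payload = base64.b64encode(b"constructed sample: host=ws-042 user=demo").decode()
SAMPLE_LOG = [
    f"POST {_URL} " + urlencode({"entry.1111": "alice.smith@example.com"}),
    f"POST {_URL} " + urlencode({"entry.1111": _payload + "@gmail.com"}),
    f"GET {_URL} -",
]

for record in SAMPLE_LOG:
    print(suspicious_fields(record), record[:60])
```

The printable-text test keeps ordinary long addresses from matching, so this heuristic covers text payloads like the one in the post. Pair it with volume and frequency baselines for form submissions per host.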