OutBandit Usage
OutBandit – Out Of Band Exfiltration Tool
https://github.com/mymuzzy/OutBandit
With the ever-increasing need for web application security testing, the OutBandit tool has been developed to help security professionals test for out of band attacks. The OutBandit tool is an extension for the widely used Burp Suite web application security testing tool. Written in Java, it can test web applications running on both Windows and Linux environments. In this blog, we will guide you on how to install and use the OutBandit tool to perform out of band attacks.
Download: https://github.com/mymuzzy/OutBandit/releases/
Installation:
To install the OutBandit tool, follow the below steps:
1. Navigate to the Burp Extension tab.
2. Click on Add Extension.
3. Select Java as the extension type, browse to the jar file, and click Next.
4. The extension should load successfully.
Sending a request to OutBandit:
To send a request to OutBandit, follow the below steps:
1. Navigate to the ‘Listener Interface’ tab in OutBandit.
2. Add your own or Burp's external DNS/HTTP address.
3. Click Save and customize the settings as you prefer (for best use, keep the default settings).
4. Right-click the request in the Proxy, or define the insertion point you want in the Intruder tab.
5. Open the scan launcher.
6. Select a new scan configuration.
7. Click on the ‘Select individual issues’ option and enable ‘Extension-generated issue’.
8. Click OK and start the scan. Observe the logger tab; it should start scanning.
9. Once the payload is triggered, the DNS call it makes will show up in the Collaborator tab.
10. Every request comes with a unique number that identifies the payload. (Sometimes the number might not come through, in which case you need to find the payload manually by using attack filters.)
Searching for Payload:
To search for the payload, follow the below steps:
- Navigate to the ‘Search Payload’ tab in Burp.
- Enter your payload number, and it will pull the entire request with payload description.
- Send it to the repeater and exploit!!
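The bookkeeping behind steps 9 and 10 and the Search Payload lookup, as an added Python example (not OutBandit's code): it maps DNS callbacks back to the request that carried each payload number and sets aside callbacks that arrive without a usable number for manual review. It assumes the payload number is the left-most DNS label of the callback hostname, which this page does not specify; the listener domain, numbers and request descriptions are constructed.

```python
import re

# Assumption: the callback format is not documented on this page. Here the
# payload number is taken to be a purely numeric left-most DNS label.
ID_LABEL = re.compile(r"^\d+$")

def split_callback(qname, listener_domain):
    """Return (is_ours, payload_number_or_None) for one DNS query name."""
    name = qname.rstrip(".").lower()          # DNS names are case-insensitive
    base = listener_domain.rstrip(".").lower()
    if name == base:
        return True, None                     # callback with no number at all
    if not name.endswith("." + base):
        return False, None                    # look-alike or unrelated domain
    first = name[: -len(base) - 1].split(".")[0]
    return True, (int(first) if ID_LABEL.match(first) else None)

def correlate(interactions, sent, listener_domain):
    """Match callbacks to sent payloads; collect the rest for manual review."""
    matched, manual = {}, []
    for qname in interactions:
        ours, number = split_callback(qname, listener_domain)
        if not ours:
            continue
        if number in sent:
            matched.setdefault(number, sent[number])  # resolvers repeat lookups
        else:
            manual.append(qname)              # step 10: number missing/unknown
    return matched, manual

# Constructed sample data (not captured from a real scan).
LISTENER = "oob.example.test"
SENT = {
    1041: "POST /api/import  param=url",
    1042: "GET /search  header=X-Forwarded-For",
    1043: "POST /profile  param=avatar",
}
INTERACTIONS = [
    "1042.oob.example.test.",     # first lookup
    "1042.OOB.example.test",      # same payload, repeated by another resolver
    "oob.example.test",           # number did not come through
    "9999.oob.example.test",      # number we never sent
    "1041.notoob.example.test",   # different domain, must be ignored
]

if __name__ == "__main__":
    hits, review = correlate(INTERACTIONS, SENT, LISTENER)
    for number, request in hits.items():
        print(f"payload {number} fired: {request}")
    print("needs manual review:", review)
```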
The OutBandit tool is an essential tool for security professionals who want to test web applications for out of band attacks. By using this tool, you can easily send requests to OutBandit and search for payloads. This tool is simple to install and use, and it can test web applications running on both Windows and Linux environments. With the OutBandit tool, you can now perform wide-ranging out of band attacks in seconds, making it an essential tool for any security professional.