RedDrop: web server for capturing and processing encoded and encrypted payloads
RedDrop Exfil Server
RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers, Red Teamers, and Security Professionals which features:
- File Upload
- Automatic Payload Processing
- Automatic Archive Extraction
- JSON Logging
- Configurable Options
- Authorization Rules
This software is intended to be used as a rudimentary C2 endpoint for capturing web request data in various scenarios. Some examples may include:
- A blind command injection vulnerability
- An XSS attack where a quick and dynamic web request logging server is needed
- A situation where remote shell access has been obtained and a verbose-logging web-based exfiltration server is desired
A note on security
This software should not be left generally accessible to the broader Internet. It intentionally includes what some might consider an arbitrary file upload vulnerability: it will accept and save files to the local disk without authentication. Due diligence should be taken to ensure that the system this software is deployed to is secured properly. A few recommendations:
- Utilize the Authorization Rules feature of RedDrop to drop requests which do not meet your criteria
- Place a reverse proxy in front of this web application to route and block traffic
- Whitelist your target’s IP space
- Don’t auto-extract archives without understanding my filtering method
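As an added example (not RedDrop's own code), here are the two checks the list above recommends, written against the Python standard library: a CIDR allowlist rule, and a filter that keeps auto-extracted archive entries inside the upload directory. RedDrop's actual Authorization Rules syntax and its archive filtering are not shown on this page, so both functions are assumed shapes of such checks, and the sample archive and addresses are constructed.

```python
# Added example, not RedDrop's own code: an allowlist rule like the one the
# note recommends (RedDrop's real rule syntax is assumed to differ) and the
# kind of filter an archive auto-extract step needs to stay in its directory.
import io
import ipaddress
import tempfile
import zipfile
from pathlib import Path

def ip_allowed(remote_addr: str, allowed_networks: list[str]) -> bool:
    """Allow only clients inside one of the CIDR ranges; deny anything unparsable.
    Feed this the socket address or the header your own reverse proxy sets,
    never a header the client can supply itself."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(n, strict=False) for n in allowed_networks)

def safe_extract(archive_bytes: bytes, dest_dir: str) -> tuple[list[str], list[str]]:
    """Extract a zip into dest_dir, skipping any entry that would land outside it."""
    dest = Path(dest_dir).resolve()
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = (dest / info.filename).resolve()  # absolute or ../ names escape dest
            if not target.is_relative_to(dest):
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))  # write bytes ourselves, no extractall()
            extracted.append(info.filename)
    return extracted, rejected

def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry and one path-traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("upload/notes.txt", "sample content\n")
        zf.writestr("../../outside.txt", "must never be written\n")
    return buf.getvalue()

def demo() -> dict:
    """Run both checks on constructed input and report what actually reached disk."""
    with tempfile.TemporaryDirectory() as tmp:
        extracted, rejected = safe_extract(build_sample_archive(), tmp)
        written = sorted(str(p.relative_to(tmp)) for p in Path(tmp).rglob("*") if p.is_file())
    return {"allowed": ip_allowed("10.8.0.17", ["10.8.0.0/24"]),
            "denied": ip_allowed("203.0.113.5", ["10.8.0.0/24"]),
            "extracted": extracted, "rejected": rejected, "written": written}
```

Calling `demo()` shows the traversal entry rejected and only `upload/notes.txt` written under the temporary directory.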
Install & Use
Copyright (C) 2022 cyberbutler