Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files

00:00 - Introduction, why I created this script and a quick demo 01:00 - Going over XML Entity Injection, doing it manually and explaining what the payloads are 05:30 - Sponsor shoutout, showing Snyk scan the source code to this application and catching the XXE 06:30 - Patching the code, asking Github Copilot for a proper way to fix it and it recommends disabling loading XML Entity off remote sources 09:55 - Making sure Snyk is happy with our code fix and going over some other findings 11:04 - Start of coding the XXE Script, creating the webserver 16:40 - Putting our webserver in a thread so we can also run a CLI 18:30 - Talking about how and why we are just going to use a global variable with our thread 19:20 - Having our terminal able to update the payload variable, so we can easily change files we want to exfil 22:30 - Creating a function to read an HTTP Request copied from Burp, so we can use it with python requests 29:28 - Testing out our function, and discovering we need to fix the path 33:20 - The skeleton of the script is done, adding in the logic to actually perform the XXE Attack but putting the file name in the wrong spot. 38:15 - Running our script and fixing up a few bugs 40:44 - Fixing up where we placed the file in our XXE Payload 42:15 - Adding comments in our code as we glance over it 43:30 - Adding some login in our script to tell the python server it is base64, which should help future proof it for doing XXE with other languages 47:30 - Adding argparse to our program, so we can get rid of hard coded variables 50:50 - Parsing the LHOST variable from the request file we have, so the server will send the file to the right location