Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files

00:00 - Introduction, why I created this script and a quick demo
01:00 - Going over XML Entity Injection, doing it manually and explaining what the payloads are
05:30 - Sponsor shoutout, showing Snyk scan the source code to this application and catching the XXE
06:30 - Patching the code, asking GitHub Copilot for a proper way to fix it; it recommends disabling the loading of XML entities from remote sources
09:55 - Making sure Snyk is happy with our code fix and going over some other findings
11:04 - Start of coding the XXE Script, creating the webserver
16:40 - Putting our webserver in a thread so we can also run a CLI
18:30 - Talking about how and why we are just going to use a global variable with our thread
19:20 - Having our terminal able to update the payload variable, so we can easily change files we want to exfil
22:30 - Creating a function to read an HTTP Request copied from Burp, so we can use it with python requests
29:28 - Testing out our function, and discovering we need to fix the path
33:20 - The skeleton of the script is done, adding in the logic to actually perform the XXE attack but putting the file name in the wrong spot
38:15 - Running our script and fixing up a few bugs
40:44 - Fixing up where we placed the file in our XXE Payload
42:15 - Adding comments in our code as we glance over it
43:30 - Adding some logic in our script to tell the Python server the data is base64-encoded, which should help future-proof it for doing XXE with other languages
47:30 - Adding argparse to our program, so we can get rid of hard-coded variables
50:50 - Parsing the LHOST variable from the request file we have, so the server will send the file to the right location
