English

Browser-Based Covert Data Exfiltration

Cryptography and Security 2010-04-27 v1
Authors: Kenton Born
View on arXiv PDF

Abstract

Current best practices heavily control user permissions on network systems. This effectively mitigates many insider threats regarding the collection and exfiltration of data. Many methods of covert communication involve crafting custom packets, typically requiring both the necessary software and elevated privileges on the system. By exploiting the functionality of a browser, covert channels for data exfiltration may be created without additional software or user privileges. This paper explores novel methods of using a browser's JavaScript engine to exfiltrate documents over the Domain Name System (DNS) protocol without sending less covert Hypertext Transfer Protocol (HTTP) requests.

Keywords

web browsing cloud security

Cite

@article{arxiv.1004.4357,
  title  = {Browser-Based Covert Data Exfiltration},
  author = {Kenton Born},
  journal= {arXiv preprint arXiv:1004.4357},
  year   = {2010}
}

Comments

In Proceedings of the 9th Annual Security Conference, Las Vegas, NV, April 7-8, 2010

Related papers

View all related →
Cryptography and Security · Computer Science
A Covert Channel Using Named Resources
Joshua Davis, Victor S. Frost
2014-08-21
Cryptography and Security · Computer Science
A Covert Data Transport Protocol
Yu Fu, Zhe Jia, Lu Yu, Xingsi Zhong +1
2017-04-04
Cryptography and Security · Computer Science
A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques
Minzhao Lyu, Hassan Habibi Gharakheili, Vijay Sivaraman
2024-07-08
Cryptography and Security · Computer Science
Detection of Malicious and Low Throughput Data Exfiltration Over the DNS Protocol
Asaf Nadler, Avi Aminov, Asaf Shabtai
2018-06-19
Cryptography and Security · Computer Science
New Covert Channels in HTTP
Matthias Bauer
2007-05-23
Cryptography and Security · Computer Science
A Lightweight Adaptable DNS Channel for Covert Data Transmission
Mahboubeh Nazari, Sousan Tarahomi, Sobhan Aliabady
2020-04-01
Cryptography and Security · Computer Science
Encrypted and Covert DNS Queries for Botnets: Challenges and Countermeasures
Constantinos Patsakis, Fran Casino, Vasilios Katos
2019-09-17
Cryptography and Security · Computer Science
Fingerprinting Browsers in Encrypted Communications
Sandhya Aneja, Nagender Aneja
2024-10-29
Cryptography and Security · Computer Science
DNS Tunneling: A Deep Learning based Lexicographical Detection Approach
Franco Palau, Carlos Catania, Jorge Guerra, Sebastian Garcia +1
2020-06-16
Operating Systems · Computer Science
Exploiting Page Faults for Covert Communication
Sathvik Swaminathan
2025-09-26
Cryptography and Security · Computer Science
CYPRESS: Transferring Secrets in the Shadow of Visible Packets
Sirus Shahini, Robert Ricci
2025-11-11
Cryptography and Security · Computer Science
Subverting Stateful Firewalls with Protocol States (Extended Version)
Amit Klein
2022-09-02
Cryptography and Security · Computer Science
Design of Transport Layer Based Hybrid Covert Channel Detection Engine
Anjan K, Jibi Abraham, Mamatha Jadhav
2011-01-04
Cryptography and Security · Computer Science
WebPol: Fine-grained Information Flow Policies for Web Browsers
Abhishek Bichhawat, Vineet Rajani, Jinank Jain, Deepak Garg +1
2023-05-09
Cryptography and Security · Computer Science
Collaborative Privacy for Web Applications
Yihao Hu, Ari Trachtenberg, Prakash Ishwar
2019-11-19
Cryptography and Security · Computer Science
User Profiles: The Achilles' Heel of Web Browsers
Dolière Francis Somé, Moaz Airan, Zakir Durumeric, Cristian-Alexandru Staicu
2025-04-25
Cryptography and Security · Computer Science
Privacy protocols
Jason Castiglione, Dusko Pavlovic, Peter-Michael Seidel
2023-11-03
Cryptography and Security · Computer Science
Web Content Signing with Service Workers
Thomas Sutter, Kevin Lapagna, Peter Berlich, Marc Rennhard +1
2021-05-13
Cryptography and Security · Computer Science
EmPoWeb: Empowering Web Applications with Browser Extensions
Dolière Francis Somé
2019-01-14
Networking and Internet Architecture · Computer Science
Network Traffic Obfuscation and Automated Internet Censorship
Lucas Dixon, Thomas Ristenpart, Thomas Shrimpton
2016-11-15
Information Retrieval · Computer Science
Design and Implementation of Domain based Semantic Hidden Web Crawler
Manvi, Komal Kumar Bhatia, Ashutosh Dixit
2015-09-24
Cryptography and Security · Computer Science
HTML5 Zero Configuration Covert Channels: Security Risks and Challenges
Jason Farina, Mark Scanlon, Stephen Kohlmann, Nhien-An Le Khac +1
2015-10-05
Cryptography and Security · Computer Science
DNS Covert Channel Detection via Behavioral Analysis: a Machine Learning Approach
Salvatore Saeli, Federica Bisio, Pierangelo Lombardo, Danilo Massa
2020-10-06
Performance · Computer Science
Compression Scheme for Faster and Secure Data Transmission Over Internet
B. S. Shajeemohan, Dr. V. K. Govindan
2007-05-23
Cryptography and Security · Computer Science
Cross-Router Covert Channels
Adar Ovadya, Rom Ogen, Yakov Mallah, Niv Gilboa +1
2019-08-08
R2 v1 2026-06-21T15:14:31.369Z