DNS provides one of the best methods for command and control, covert tunneling, and blind data exfiltration. Burp Collaborator provides a great way to both confirm blind injection, and also exfiltrate data. Penetration testers may prepend names to each DNS request, allowing data exfiltration subject to DNS's length limitations (63 characters per label, 255 characters total name) and character limitations. This webcast will describe methods for blind data exfiltration using Burp Collaborator (using both public and private servers), as well as using DNS without Burp. Content directly from SEC542: Web App Penetration Testing and Ethical Hacking.