DNS Exfilnspector

DNS Exfilnspector automatically decodes DNS exfiltration queries captured through Burp Collaborator, converting blind remote code execution into visible output. The extension continuously monitors Collaborator interactions and decodes exfiltrated data in real-time, eliminating the need for manual decoding.

Features

• Automatic generation and reuse of Burp Collaborator links for multiple exfiltration sessions
• Real-time monitoring and decoding of DNS queries with support for hex, base64, and base32 encoding
• Configurable base64 character substitution for DNS-safe exfiltration (handles special characters like =, /, and +)
• Multi-line output support with automatic duplicate filtering and sequential ordering
• Export functionality to save both raw DNS queries and decoded output locally

Usage

1. Navigate to the DNS Exfilnspector tab and click "Get New Link" to generate a Burp Collaborator domain
2. Select the encoding format (hex, base64, or base32) that matches your exfiltration method
3. For base64 exfiltration, configure the character substitution settings to match your DNS-safe replacements (default: eqls for =, slash for /, plus for +)
4. Use the generated Collaborator link in your DNS exfiltration payload on the target system
5. The extension automatically monitors for DNS interactions, stops listening when data transmission completes, and displays the decoded output
6. Click "Continue Listening" to reuse the same Collaborator link for additional exfiltration, or "Get New Link" to generate a fresh domain
7. Use "Save Raw" or "Save Decoded" buttons to export the captured data to a local file