Data Bouncing: How HTTP Headers Leak Data

You harden endpoints. You filter egress. You deploy malware detectors. And still, data slips out. In this Threat Talks Deep Dive, our host sits down with Luca Cipriano—CTI and Red Team Program Lead—to unpack Data Bouncing, a stealthy exfiltration move that piggybacks on trusted web traffic. Using real-world demos, Luca shows how attackers encode files, split them into chunks, and hide them in headers that trigger DNS lookups by major sites. The result? Your SOC sees hp.com traffic; the attacker sees your secrets. By the end, you’ll know why Data Bouncing beats naive controls and how to fight back with decryption, detection, and disciplined egress.

Key topics:

  • Burp Suite + Interact.sh demo of the technique
  • Abusing X-Forwarded-For and referrer resolution
  • DNS-based exfiltration via third parties
  • Practical defenses: TLS decryption, DPI, DGA detection, egress control

Your cybersecurity experts

Luca Cipriano, Red Team & Cyber Threat Intelligence Program Lead, ON2IT

Rob Maas, Field CTO, ON2IT

Episode details

Attackers don’t always smash the front door—they borrow your neighbors’. Luca Cipriano walks through a crisp, hands-on demo: a “secret.txt” gets Base64-encoded, sliced into chunks, and smuggled inside HTTP headers to a legitimate domain. That domain, doing what many do—resolving header values—fires DNS queries that land on the attacker’s controlled host. To your logs, it’s routine web browsing. To the adversary, it’s your data reconstructed on the other side.

We then flip to defense. If you can’t see encrypted headers, you can’t stop the leak—so enable TLS decryption where policy allows, strip sensitive headers, and use deep packet inspection to flag DGA-like subdomains. Tighten egress: servers shouldn’t talk to the entire internet. Finally, validate your stack: reproduce the Data Bouncing flow with free tools and confirm your SOC actually catches it. Knowledge beats panic; control beats noise.
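
A detection sketch for the defensive steps above, added here as an illustration and not taken from the episode: it scans decrypted outbound request headers for hostnames whose labels look like encoded chunks. The record layout, the sample data, the length and entropy thresholds, and all function names are assumptions.

```python
import math
import re
from collections import Counter

# Constructed records shaped like a TLS-decrypting proxy log; not real traffic.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "dest": "www.example.com",
     "headers": {"Referer": "https://www.example.com/products",
                 "X-Forwarded-For": "10.0.0.5"}},
    {"src": "10.0.0.8", "dest": "www.example.com",
     "headers": {"X-Forwarded-For":
                 "c2vjcmv0lwrhdgety2h1bmst.01.collector.example.org"}},
    {"src": "10.0.0.8", "dest": "www.example.com",
     "headers": {"Referer":
                 "http://mdegb2ygmdqgzm9yihrlc3q9.02.collector.example.org/"}},
]

WATCHED = ("x-forwarded-for", "referer")  # the headers this page names
HOSTNAME = re.compile(r"(?:[a-z0-9_-]{1,63}\.)+[a-z]{2,}", re.I)


def shannon_entropy(text):
    """Bits per character; encoded chunks score higher than ordinary words."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def looks_encoded(label, min_len=16, min_entropy=3.5):
    # Assumed thresholds; tune against your own baseline traffic.
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def flag_requests(requests):
    """Return (src, dest, header, hostname) for encoded-looking hostnames."""
    findings = []
    for req in requests:
        for name, value in req["headers"].items():
            if name.lower() not in WATCHED:
                continue
            for host in HOSTNAME.findall(value.lower()):
                if host == req["dest"].lower():
                    continue  # header points back at the site being visited
                if any(looks_encoded(label) for label in host.split(".")):
                    findings.append((req["src"], req["dest"], name, host))
    return findings


if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_REQUESTS):
        print("suspicious header hostname:", finding)
```

Because the DNS lookup is made by the third-party site rather than by your client, the header value in decrypted traffic is where this signal is visible on your side.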
