Skip to content
/ HtmlSmuggling Public
forked from abdulkadir-gungor/HtmlSmuggling

muggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

License

View license
0 stars 22 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

isnotaval/HtmlSmuggling

BranchesTags
 
 

Repository files navigation

HtmlSmuggling

  HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections.

  The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

1) HtmlSmuggling.py : Embeds the selected binary file (exe, dll, docx, pdf, etc) into the Javascript file. Obfuscates Javascript functions. This makes it difficult to decode javascript functions.

  "HtmlSmuggling" attack type is an attack type affected by browser settings. In addition, EXE, DLL type files downloaded from the internet can be blocked by smartscreen. However, PDF, DOCX attacks are more successful.

htmlsmuggling   [jpg source: From the training notes, Abdulkadir GÜNGÖR]

Using the Script

[Command]

>> HtmlSmuggling.py filename filepath

filename: Browser refers to the file name to be given to the file to be downloaded. It is the file name that will be seen in the browser and the downloaded folder.

filepath: The path of the file to be downloaded

[Command Example]

>> HtmlSmuggling.py MicrosoftOffice.exe c:\Users\user0\Desktop\malware.exe
>> HtmlSmuggling.py Office365.dll c:\Users\user0\Desktop\malware.dll
>> HtmlSmuggling.py application.pdf c:\Users\user0\Desktop\malware.pdf
>> HtmlSmuggling.py application.docx c:\Users\user0\Desktop\malware.docx

The Compiled Version of the Program Can be Downloaded from the Links Below.

"Html Smuggling"
HtmlSmuggling.rar --> zip password: "gung0r_HtmlSmuggling"
Link = https://drive.google.com/file/d/1nywAbA8fEx6lFPz5snI05KeAMz8bTUcS/view?usp=sharing

Requirement

  Required library: pyinstaller

pip install pyinstaller

  "pyinstaller" will be used to make the code one piece executable

Compilation

  [Language : Python 3.8.5]

pyinstaller --onefile --icon=HtmlSmuggling.ico HtmlSmuggling.py

Video and Screenshots of the Vulnerability

  The use of the compiled version of the script is shown in the Youtube video. It can be viewed at the link below.

[Youtube Link] https://www.youtube.com/watch?v=_rQrLeDaFSU

[ScreenShot 1] b1

[ScreenShot 2] a2

[ScreenShot 3] a3

[ScreenShot 4] a4

[ScreenShot 4] a5

Legal Warning

  Run your tests on virtual machines. The responsibility for illegal use belongs to the user. Shared for educational purposes.

About

muggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 95.3%
  • HTML 4.7%