{"id":13510675,"url":"https://github.com/abdulkadir-gungor/HtmlSmuggling","last_synced_at":"2025-03-30T16:34:39.211Z","repository":{"id":40274571,"uuid":"505384557","full_name":"abdulkadir-gungor/HtmlSmuggling","owner":"abdulkadir-gungor","description":"HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF","archived":false,"fork":false,"pushed_at":"2022-06-20T11:13:48.000Z","size":16,"stargazers_count":99,"open_issues_count":0,"forks_count":20,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-08-02T02:17:12.762Z","etag":null,"topics":["abdulkadir","abdulkadir-gungor","cyber-security","cybersecurity","ethical-hacking","ethical-hacking-tools","evasive-loader","evasive-loader-technique","evasive-maneuvers","gungor","html","html-smuggling","htmlsmuggling","javascript","malware-research"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/abdulkadir-gungor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-06-20T09:56:10.000Z","updated_at":"2024-07-25T08:19:58.000Z","dependencies_parsed_at":"2022-08-03T00:01:21.483Z","dependency_job_id":null,"html_url":"https://github.com/abdulkadir-gungor/HtmlSmuggling","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abdulkadir-gungor%2FHtmlSmuggling","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abdulkadir-gungor%2FHtmlSmuggling/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abdulkadir-gungor%2FHtmlSmuggling/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abdulkadir-gungor%2FHtmlSmuggling/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/abdulkadir-gungor","download_url":"https://codeload.github.com/abdulkadir-gungor/HtmlSmuggling/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222566739,"owners_count":17004237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abdulkadir","abdulkadir-gungor","cyber-security","cybersecurity","ethical-hacking","ethical-hacking-tools","evasive-loader","evasive-loader-technique","evasive-maneuvers","gungor","html","html-smuggling","htmlsmuggling","javascript","malware-research"],"created_at":"2024-08-01T02:01:49.328Z","updated_at":"2024-11-01T11:31:03.452Z","avatar_url":"https://github.com/abdulkadir-gungor.png","language":"Python","funding_links":[],"categories":["Python","javascript"],"sub_categories":[],"readme":"# HtmlSmuggling\n\u0026emsp; HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections.\n\n\u0026emsp; The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF\n\n\u0026emsp; **1) HtmlSmuggling.py :** Embeds the selected binary file (exe, dll, docx, pdf, etc) into the Javascript file. Obfuscates Javascript functions. This makes it difficult to decode javascript functions.\n\n\u0026emsp; \"HtmlSmuggling\" attack type is an attack type affected by browser settings. In addition, EXE, DLL type files downloaded from the internet can be blocked by smartscreen. However, PDF, DOCX attacks are more successful.\n\n![htmlsmuggling](https://user-images.githubusercontent.com/71177413/174580595-4ade6473-7d2a-4ef6-ab98-c788fbd5d3e5.JPG)\n\u0026emsp; [jpg source: From the training notes, Abdulkadir GÜNGÖR]\n\nUsing the Script\n---\n\n**[Command]**\n```\n\u003e\u003e HtmlSmuggling.py filename filepath\n```\n\u0026emsp; **filename:** Browser refers to the file name to be given to the file to be downloaded. It is the file name that will be seen in the browser and the downloaded folder.\n\n\u0026emsp; **filepath:** The path of the file to be downloaded\n\n**[Command Example]**\n```\n\u003e\u003e HtmlSmuggling.py MicrosoftOffice.exe c:\\Users\\user0\\Desktop\\malware.exe\n\u003e\u003e HtmlSmuggling.py Office365.dll c:\\Users\\user0\\Desktop\\malware.dll\n\u003e\u003e HtmlSmuggling.py application.pdf c:\\Users\\user0\\Desktop\\malware.pdf\n\u003e\u003e HtmlSmuggling.py application.docx c:\\Users\\user0\\Desktop\\malware.docx\n```\n\n\nThe Compiled Version of the Program Can be Downloaded from the Links Below.\n---\n\u003cdl\u003e\n  \u003cdt\u003e \"Html Smuggling\"\n  \u003cdd\u003e\n  \u003cdd\u003e HtmlSmuggling.rar --\u003e zip password: \"gung0r_HtmlSmuggling\"\n  \u003cdd\u003e Link = https://drive.google.com/file/d/1nywAbA8fEx6lFPz5snI05KeAMz8bTUcS/view?usp=sharing\n\u003c/dl\u003e\n\n\nRequirement\n---\n\u0026emsp; Required library: pyinstaller\n\n```\npip install pyinstaller\n```\n\n\u0026emsp; \"pyinstaller\" will be used to make the code one piece executable\n\nCompilation\n---\n\u0026emsp; [Language : Python 3.8.5]\n```\npyinstaller --onefile --icon=HtmlSmuggling.ico HtmlSmuggling.py\n```\n\nVideo and Screenshots of the Vulnerability\n---\n\u0026emsp; The use of the compiled version of the script is shown in the Youtube video.\nIt can be viewed at the link below.\n\n**[Youtube Link]** [https://www.youtube.com/watch?v=_rQrLeDaFSU](https://www.youtube.com/watch?v=ft7rdZVFv_c)\n\n **[ScreenShot 1]**\n![b1](https://user-images.githubusercontent.com/71177413/174581941-8bc693dd-2d0c-4fa2-b1cc-900cbcd3fc0c.png)\n\n\n**[ScreenShot 2]**\n![a2](https://user-images.githubusercontent.com/71177413/174581963-d49e485a-b0e8-4fb1-a56c-5e85e3d3563e.png)\n\n**[ScreenShot 3]**\n![a3](https://user-images.githubusercontent.com/71177413/174581996-5c21783d-9acd-4411-bcde-b74287128ab2.png)\n\n**[ScreenShot 4]**\n![a4](https://user-images.githubusercontent.com/71177413/174582053-c683d209-ed76-449a-9897-812fa9f99edb.png)\n\n**[ScreenShot 4]**\n![a5](https://user-images.githubusercontent.com/71177413/174582090-a9d438ac-a27a-49a0-a4d4-3eeae0e32f69.png)\n\n\nLegal Warning\n---\n\u0026emsp; Run your tests on virtual machines. The responsibility for illegal use belongs to the user. Shared for educational purposes.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabdulkadir-gungor%2FHtmlSmuggling","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabdulkadir-gungor%2FHtmlSmuggling","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabdulkadir-gungor%2FHtmlSmuggling/lists"}