https://github.com/abdulkadir-gungor/HtmlSmuggling

HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF
https://github.com/abdulkadir-gungor/HtmlSmuggling

abdulkadir abdulkadir-gungor cyber-security cybersecurity ethical-hacking ethical-hacking-tools evasive-loader evasive-loader-technique evasive-maneuvers gungor html html-smuggling htmlsmuggling javascript malware-research

Last synced: 3 months ago
JSON representation

HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

• Host: GitHub
• URL: https://github.com/abdulkadir-gungor/HtmlSmuggling
• Owner: abdulkadir-gungor
• License: other
• Created: 2022-06-20T09:56:10.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2022-06-20T11:13:48.000Z (over 2 years ago)
• Last Synced: 2024-08-02T02:17:12.762Z (6 months ago)
• Topics: abdulkadir, abdulkadir-gungor, cyber-security, cybersecurity, ethical-hacking, ethical-hacking-tools, evasive-loader, evasive-loader-technique, evasive-maneuvers, gungor, html, html-smuggling, htmlsmuggling, javascript, malware-research
• Language: Python
• Homepage:
• Size: 15.6 KB
• Stars: 99
• Watchers: 3
• Forks: 20
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

README

        
# HtmlSmuggling

  HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections.

  The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

  **1) HtmlSmuggling.py :** Embeds the selected binary file (exe, dll, docx, pdf, etc) into the Javascript file. Obfuscates Javascript functions. This makes it difficult to decode javascript functions.

  "HtmlSmuggling" attack type is an attack type affected by browser settings. In addition, EXE, DLL type files downloaded from the internet can be blocked by smartscreen. However, PDF, DOCX attacks are more successful.

![htmlsmuggling](https://user-images.githubusercontent.com/71177413/174580595-4ade6473-7d2a-4ef6-ab98-c788fbd5d3e5.JPG)

  [jpg source: From the training notes, Abdulkadir GÜNGÖR]

Using the Script

---

**[Command]**

```

>> HtmlSmuggling.py filename filepath

```

  **filename:** Browser refers to the file name to be given to the file to be downloaded. It is the file name that will be seen in the browser and the downloaded folder.

  **filepath:** The path of the file to be downloaded

**[Command Example]**

```

>> HtmlSmuggling.py MicrosoftOffice.exe c:\Users\user0\Desktop\malware.exe

>> HtmlSmuggling.py Office365.dll c:\Users\user0\Desktop\malware.dll

>> HtmlSmuggling.py application.pdf c:\Users\user0\Desktop\malware.pdf

>> HtmlSmuggling.py application.docx c:\Users\user0\Desktop\malware.docx

```

The Compiled Version of the Program Can be Downloaded from the Links Below.

---



  
 "Html Smuggling"

  



  
 HtmlSmuggling.rar --> zip password: "gung0r_HtmlSmuggling"

  
 Link = https://drive.google.com/file/d/1nywAbA8fEx6lFPz5snI05KeAMz8bTUcS/view?usp=sharing









Requirement

---

  Required library: pyinstaller

```

pip install pyinstaller

```

  "pyinstaller" will be used to make the code one piece executable

Compilation

---

  [Language : Python 3.8.5]

```

pyinstaller --onefile --icon=HtmlSmuggling.ico HtmlSmuggling.py

```

Video and Screenshots of the Vulnerability

---

  The use of the compiled version of the script is shown in the Youtube video.

It can be viewed at the link below.

**[Youtube Link]** [https://www.youtube.com/watch?v=_rQrLeDaFSU](https://www.youtube.com/watch?v=ft7rdZVFv_c)

 **[ScreenShot 1]**

![b1](https://user-images.githubusercontent.com/71177413/174581941-8bc693dd-2d0c-4fa2-b1cc-900cbcd3fc0c.png)

**[ScreenShot 2]**

![a2](https://user-images.githubusercontent.com/71177413/174581963-d49e485a-b0e8-4fb1-a56c-5e85e3d3563e.png)

**[ScreenShot 3]**

![a3](https://user-images.githubusercontent.com/71177413/174581996-5c21783d-9acd-4411-bcde-b74287128ab2.png)

**[ScreenShot 4]**

![a4](https://user-images.githubusercontent.com/71177413/174582053-c683d209-ed76-449a-9897-812fa9f99edb.png)

**[ScreenShot 4]**

![a5](https://user-images.githubusercontent.com/71177413/174582090-a9d438ac-a27a-49a0-a4d4-3eeae0e32f69.png)

Legal Warning

---

  Run your tests on virtual machines. The responsibility for illegal use belongs to the user. Shared for educational purposes.