HtmlSmuggling

  HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections.

  The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

  1) HtmlSmuggling.py : Embeds the selected binary file (exe, dll, docx, pdf, etc) into the Javascript file. Obfuscates Javascript functions. This makes it difficult to decode javascript functions.

  "HtmlSmuggling" attack type is an attack type affected by browser settings. In addition, EXE, DLL type files downloaded from the internet can be blocked by smartscreen. However, PDF, DOCX attacks are more successful.

  [jpg source: From the training notes, Abdulkadir GÜNGÖR]

Using the Script

[Command]

>> HtmlSmuggling.py filename filepath

  filename: Browser refers to the file name to be given to the file to be downloaded. It is the file name that will be seen in the browser and the downloaded folder.

  filepath: The path of the file to be downloaded

[Command Example]

>> HtmlSmuggling.py MicrosoftOffice.exe c:\Users\user0\Desktop\malware.exe
>> HtmlSmuggling.py Office365.dll c:\Users\user0\Desktop\malware.dll
>> HtmlSmuggling.py application.pdf c:\Users\user0\Desktop\malware.pdf
>> HtmlSmuggling.py application.docx c:\Users\user0\Desktop\malware.docx

The Compiled Version of the Program Can be Downloaded from the Links Below.

"Html Smuggling"

HtmlSmuggling.rar --> zip password: "gung0r_HtmlSmuggling"

Link = https://drive.google.com/file/d/1nywAbA8fEx6lFPz5snI05KeAMz8bTUcS/view?usp=sharing

Requirement

  Required library: pyinstaller

pip install pyinstaller

  "pyinstaller" will be used to make the code one piece executable

Compilation

  [Language : Python 3.8.5]

pyinstaller --onefile --icon=HtmlSmuggling.ico HtmlSmuggling.py

Video and Screenshots of the Vulnerability

  The use of the compiled version of the script is shown in the Youtube video. It can be viewed at the link below.

[Youtube Link] https://www.youtube.com/watch?v=_rQrLeDaFSU

[ScreenShot 1]

[ScreenShot 2]

[ScreenShot 3]

[ScreenShot 4]

[ScreenShot 4]

Legal Warning

  Run your tests on virtual machines. The responsibility for illegal use belongs to the user. Shared for educational purposes.