Skip to content

it is malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page

Notifications You must be signed in to change notification settings

De3vil/HtmlSmuggling

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 

Repository files navigation

HtmlSmuggling

  • HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page.

  • The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link.

  • The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections.

  • The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

  • Embeds the selected binary file (exe, dll, docx, pdf, etc) into the Javascript file. Obfuscates Javascript functions. This makes it difficult to decode javascript functions.

  • Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directly on the victim’s device.

  • Inspired by : @abdulkadir-gungor

Requirements

  • python >= 3.8 ++ Download Python
  • os : Windows
  • os : Linux
  • os : Android (Termux)

Installation to Windows:

git clone https://github.com/De3vil/HtmlSmuggling.git
cd HtmlSmuggling
python HtmlSmuggling.py <FileName> <MalwarePath>

[+] Find Me on :

Abdulrahman Mohammed

If this tool has been useful for you, feel free to thank me by buying me a coffee :) Coffee B De3vil

About

it is malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages