Bob the Smuggler - HTML Smuggling Attack Tool

Home
/
Pentesting Tools
/
Bob the Smuggler – HTML Smuggling Attack Tool

Pentesting Tools

Prapattimynk

231Views

Bob the Smuggler – HTML Smuggling Attack Tool

January 15, 20243 min read

https://github.com/TheCyb3rAlpha/BobTheSmuggler

“Bob the Smuggler”: A tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format, then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots).

Quick Update

Jan 15th, 2024 – Support for multi-file compression has been added. If you have multiple files generated for your final payload (e.g., DLL-Sideloading files or multi-stage delivery files), you can now use the ‘-i’ option to specify the directory path. If a directory path is provided, BobTheSmuggler will automatically archive all the files in that directory, XOR encrypt the archive, and embed it inside PNG/GIF.

Project Description

“Bob the Smuggler” is a tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format, then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots). The JavaScript embedded within the HTML will download the PNG/GIF file and store it in the cache. Following this, the JavaScript will extract the data embedded in the PNG/GIF, assemble it, perform XOR decryption, and then store it as an in-memory blob.

This tool currently support the following payload Delivery Chains:

.EXE/.DLL –> .7z/.Zip (Password Protected) –> .JS –> .HTML
.EXE/.DLL –> .7z/.Zip (Password Protected) –> .JS –> .SVG –> .HTML
.EXE/.DLL –> .7z/.Zip (Password Protected) –> .PNG/.GIF –> .JS –> .HTML
.EXE/.DLL –> .7z/.Zip (Password Protected) –> .PNG/.GIF –> JS –> .SVG –> .HTML

Key Features

Stealthy File Concealment: Embed any file type (EXE/DLL) securely within HTML pages, PNG, GIF, and SVG files, ensuring the data remains hidden in plain sight.
Versatile Embedding: Offers the flexibility to embed files in various formats, catering to diverse needs and scenarios.
Advanced Obfuscation: Utilizes sophisticated techniques to obfuscate the embedded data, further enhancing security and reducing detectability.
Custom Template Support: Allows the use of custom HTML and SVG templates for embedding, providing personalized and context-specific concealment.
Intuitive Interface: Features an easy-to-use command-line interface, making it accessible for both technical and non-technical users.
Visual Validation: Includes visualization tools for PNG files, offering users a way to confirm the successful embedding of data.