
Bob the Smuggler – HTML Smuggling Attack Tool

“Bob the Smuggler”: A tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into a 7z/zip archive, XOR-encrypts the archive, and then hides it inside a PNG/GIF image file (image polyglot).

Quick Update

Jan 15th, 2024 – Support for multi-file compression has been added. If you have multiple files generated for your final payload (e.g., DLL-Sideloading files or multi-stage delivery files), you can now use the ‘-i’ option to specify the directory path. If a directory path is provided, BobTheSmuggler will automatically archive all the files in that directory, XOR encrypt the archive, and embed it inside PNG/GIF.

Project Description

“Bob the Smuggler” is a tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into a 7z/zip archive, XOR-encrypts the archive, and then hides it inside a PNG/GIF image file (image polyglot). The JavaScript embedded within the HTML downloads the PNG/GIF file and stores it in the cache. The JavaScript then extracts the data embedded in the PNG/GIF, assembles it, performs XOR decryption, and stores the result as an in-memory blob.

This tool currently supports the following payload delivery chains:

  • .EXE/.DLL -> .7z/.Zip (Password Protected) -> .JS -> .HTML
  • .EXE/.DLL -> .7z/.Zip (Password Protected) -> .JS -> .SVG -> .HTML
  • .EXE/.DLL -> .7z/.Zip (Password Protected) -> .PNG/.GIF -> .JS -> .HTML
  • .EXE/.DLL -> .7z/.Zip (Password Protected) -> .PNG/.GIF -> .JS -> .SVG -> .HTML
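For defenders, the client-side steps described in the Project Description (image download, byte extraction, XOR decryption, in-memory blob) can be turned into a static check for HTML attachments and downloads. The scanner below is an added example, not part of the tool or the original post; the regexes, the verdict thresholds, and both sample documents are assumptions constructed for illustration.

```python
import re

# Heuristics keyed to the steps named above. The regexes are assumptions about
# how such script commonly looks, not signatures taken from the tool's output.
INDICATORS = {
    "image_fetch": re.compile(r"(?:fetch|\.open)\s*\([^)]*\.(?:png|gif)\b", re.I),
    "raw_bytes": re.compile(r"\b(?:arrayBuffer|Uint8Array|getImageData)\b"),
    "xor_loop": re.compile(r"\w+\s*\[[^\]]+\]\s*\^=?\s*\w+"),
    "blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "forced_download": re.compile(r"\.download\s*=|msSaveOrOpenBlob"),
}
# Also matches <script> inside inline SVG, which two of the chains use.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)

def scan_html(html: str) -> dict:
    """Return matched indicators and a coarse verdict for one HTML document."""
    scripts = "\n".join(SCRIPT_RE.findall(html))
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(scripts))
    found = set(hits)
    assembles = {"blob", "object_url"} <= found         # file is built client-side
    decodes = "xor_loop" in found                       # bytes are transformed first
    from_image = {"image_fetch", "raw_bytes"} <= found  # source is image bytes
    # Blob + download alone is ordinary (CSV export), so it stays "low".
    if assembles and decodes and from_image:
        verdict = "high"
    elif assembles and decodes:
        verdict = "medium"
    else:
        verdict = "low"
    return {"hits": hits, "verdict": verdict}

# Constructed sample inputs (fragments, not captured from any real page).
SUSPECT = """<html><body><script>
fetch("logo.png").then(r => r.arrayBuffer()).then(buf => {
  const d = new Uint8Array(buf);
  for (let i = 0; i < d.length; i++) d[i] ^= k;
  a.href = URL.createObjectURL(new Blob([d])); a.download = "docs.zip";
});
</script></body></html>"""
BENIGN = """<html><body><script>
const csv = rows.map(r => r.join(",")).join(";");
link.href = URL.createObjectURL(new Blob([csv], {type: "text/csv"}));
link.download = "report.csv";
</script></body></html>"""

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, scan_html(doc))
```

Obfuscated or minified script will evade plain regexes like these, so treat a "low" verdict as the absence of these specific markers rather than a clean result.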

Key Features

  • Stealthy File Concealment: Embed any file type (EXE/DLL) securely within HTML pages, PNG, GIF, and SVG files, ensuring the data remains hidden in plain sight.
  • Versatile Embedding: Offers the flexibility to embed files in various formats, catering to diverse needs and scenarios.
  • Advanced Obfuscation: Utilizes sophisticated techniques to obfuscate the embedded data, further enhancing security and reducing detectability.
  • Custom Template Support: Allows the use of custom HTML and SVG templates for embedding, providing personalized and context-specific concealment.
  • Intuitive Interface: Features an easy-to-use command-line interface, making it accessible for both technical and non-technical users.
  • Visual Validation: Includes visualization tools for PNG files, offering users a way to confirm the successful embedding of data.

Posted by Prapattimynk
