HTML Smuggling: hide malware payloads in an encoded script
HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page.
The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link.
The HTML smuggling method is highly evasive. It can bypass standard perimeter security controls such as web proxies and email gateways, which only check for suspicious attachment types like EXE, DLL, ZIP, RAR, DOCX, or PDF.
Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directly on the victim’s device.
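A defender-side check for the pattern described above, as an added example that is not part of this project's code: it scores an HTML attachment or page for inline script that decodes a large embedded blob and hands it over as a file download. The indicator list, the 2000-character threshold, the three-indicator rule and the sample inputs are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# Heuristic indicators (assumptions, not taken from the page): browser APIs a
# script needs to decode an embedded blob and hand it to the user as a file.
DECODE = re.compile(r"\batob\s*\(|fromCharCode|charCodeAt|Uint8Array")
ASSEMBLE = re.compile(r"new\s+Blob\s*\(|createObjectURL|msSaveOrOpenBlob|msSaveBlob")
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/]{2000,}={0,2}")  # long base64-like run
DOWNLOAD_JS = re.compile(r"\.download\s*=")

class _Scan(HTMLParser):
    """Collects inline script text and notes download / data: URI anchors."""
    def __init__(self):
        super().__init__()
        self.in_script, self.js, self.download = False, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.in_script = self.in_script or tag == "script"
        if tag == "a" and ("download" in a or (a.get("href") or "").startswith("data:")):
            self.download = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.js.append(data)

def score_html(html: str) -> dict:
    """Report which smuggling indicators an HTML attachment or page shows."""
    p = _Scan()
    p.feed(html)
    p.close()
    js = "".join(p.js)
    hits = {"decode": bool(DECODE.search(js)), "assemble": bool(ASSEMBLE.search(js)),
            "encoded_blob": bool(ENCODED_RUN.search(js)),
            "download": p.download or bool(DOWNLOAD_JS.search(js))}
    hits["suspicious"] = sum(hits.values()) >= 3  # several indicators together
    return hits

# Constructed samples: indicator shapes only, deliberately not a working page.
_RUN = base64.b64encode(bytes(3000)).decode()
SAMPLE_FLAGGED = ('<html><script>var d = atob("' + _RUN + '"); /* ... */ '
                  'new Blob([/* ... */]); x.download = "sample.bin";</script></html>')
SAMPLE_BENIGN = ('<html><script>var t = atob("aGVsbG8=");</script>'
                 '<a href="/report.pdf" download>Report</a></html>')
```

A single indicator is common on legitimate pages, which is why the benign sample (a small `atob` call plus an ordinary download link) is not flagged; only the combination is.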
- Inspired by: @abdulkadir-gungor
git clone https://github.com/De3vil/HtmlSmuggling.git
python HtmlSmuggling.py <FileName> <MalwarePath>