rukov Posted October 8, 2017 Report Share Posted October 8, 2017 What this tool does is taking a file (any type of file), encrypt it, and embed it into an HTML file as ressource, along with an automatic download routine simulating a user clicking on the embedded ressource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, saved in a temporary folder, and the file is then presented to the user as if it was being downloaded from the remote site. Depending on the user’s browser and the file type presented, the file can be automatically opened by the browser. This tool comes in two flavors, providing the same overall functionnality but with some slight changes in the way of using it: An python script which generates the output HTML file based on a template, using RC4 encryption routines, and embedding the decryption key within the output file. The resulting HTML can either be browsed by the targeted user or sent as an attachement. An HTML/Javascript that you can drag the file into be encrypted to, which generates the output HTML file, using the WebCrypto API, but NOT embedding the decryption material (key and counter). Instead, the decryption material is displayed as a set of URL parameters to be added into a URL pointing to the HTML resulting file: http(s)://hosting.server.com/result.html#hexencodedkey!hexencodedcounter. So the resulting HTML file cannot be sent as an attachment. The main advantage of this technique is that the decryption material is not embedded into the file itself, hence preventing analysis and even retrieval of the payload by any system which doesn’t have the full URL (eg: intercepting proxy) Home : https://github.com/Arno0x/EmbedInHTML 2 Quote Link to comment Share on other sites More sharing options...