File Smuggling HTML Smuggling techniques sidestep traditional network security solutions such as email scanners, proxies and sandboxes by using the features of HTML5 and Javascript.
This is done by generating the malicious HTML code within the browser on the target device which is already inside the security perimeter of the network.
There is two option for smuggling:
- Base64
- Bytes_array
there is one obsfucation method:
1)Url Decode (Utf-8).
On_The_Road_Map:
- Add more Obfuscation technique (Speicaly Javascript obfuscation).
- Add more Html Events and triggers to avoid sandbox detection such as (Onclick, Onmouseover, Onscroll, etc..).