BobTheSmuggler: Open-source tool for undetectable payload delivery
BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight.
"In many of my red team engagements, I encountered scenarios where I had to deliver a payload to the target, and due to a DLP or firewall rule, the payload delivery was blocked. I quickly opted for the HTML smuggling technique for payload delivery, but none of the publicly available tools had the feature to hide the payload inside PNG/GIF. Most tools would just base64 encode the binary and embed it inside the HTML file. Due to this reason, the HTML file size would increase to a few MBs. This file wouldn't be ideal for sending as an email attachment due to size constraints," Harpreet Singh, the creator of BobTheSmuggler, told Help Net Security.
"With BobTheSmuggler, I was able to solve the problems I faced by hiding the payload inside image polyglots, calling the PNG/GIF files from remote, and then evading DLPs & firewalls by adding dynamic XOR encryption to the payloads hidden inside the image. Simple JavaScript code would download the PNG/GIF file from the server, save it in the cache, and then do its magic with HTML smuggling," Singh added.
"I want to add more features to make it more useful, and I welcome all the suggestions and feedback I can get to make this tool successful," Singh added.
Adding different file extensions such as PDFs, DOCs, etc.
Adding EML file support to make a more stealthy approach for payload delivery via attachment.
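A defender-side check for the image-polyglot carrier described above, as an added example that is not BobTheSmuggler's code or part of the original article: it walks a PNG's chunk list, validates each CRC, and reports non-standard chunks and any bytes that follow IEND. It assumes extra data sits in one of those two places (the article does not say which layout the tool uses); the function names and the sample images are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; anything else is reported.
KNOWN = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
         b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
         b"sPLT", b"tIME", b"eXIf"}


def audit_png(blob):
    """Walk the chunk list and return (non_standard_chunks, bytes_after_IEND)."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, unknown = len(PNG_SIG), []
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # length + type + data + CRC
        if end > len(blob):
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if zlib.crc32(blob[pos + 4:end - 4]) != crc:   # CRC covers type + data
            raise ValueError("bad CRC")
        if ctype not in KNOWN:
            unknown.append((ctype.decode("latin-1"), length))
        pos = end
        if ctype == b"IEND":             # a conforming PNG ends here
            return unknown, blob[pos:]
    raise ValueError("no IEND chunk")


def _chunk(ctype, data):
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))


def sample_png(private=b"", tail=b""):
    """Constructed 1x1 grayscale PNG, optionally with a private chunk or a tail."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    extra = _chunk(b"prVt", private) if private else b""
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + extra + _chunk(b"IEND", b"") + tail)


if __name__ == "__main__":
    for name, blob in [("clean", sample_png()),
                       ("private chunk", sample_png(private=b"\x00" * 64)),
                       ("trailing bytes", sample_png(tail=b"CONSTRUCTED" * 8))]:
        unknown, trailing = audit_png(blob)
        print(f"{name}: non-standard chunks={unknown}, bytes after IEND={len(trailing)}")
```

Image viewers ignore both locations, so a file that renders normally can still fail this audit; a mail or web gateway can run it on image responses and quarantine anything that returns a non-empty result.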