-
Notifications
You must be signed in to change notification settings - Fork 46
/
filesmugglingbuilder.html
138 lines (130 loc) · 4.29 KB
/
filesmugglingbuilder.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>File Smuggling Builder</title>
<script type="text/javascript">
var file="";
var filebase64="";
function build() {
var fileobject = document.getElementById("fileid");
file=fileobject.files[0];
var fileReader = new FileReader();
fileReader.onload = function(event) {
filebase64 = fileReader.result.replace('data:', '').replace(/^.+,/, '');
generatehtml();
}
fileReader.readAsDataURL(file);
}
function xor(input)
{
var result = "";
var password = document.getElementById("passwordid").value;
for(i=0; i<input.length; ++i){
result += String.fromCharCode(password.charCodeAt(i % password.length) ^ input.charCodeAt(i));
}
return result;
}
function generatehtml(){
let htmlstring = "<!DOCTYPE html>\n" +
"<html>\n" +
"<meta charset='UTF-8'>\n"+
"<title>" + file.name + "<\/title>\n"+
"<body style='font-family: Arial, Helvetica, sans-serif'>\n"+
"<script>\n"+
"function b64toarray(base64) {\n"+
" var bin_string = window.atob(base64);\n"+
" var len = bin_string.length;\n"+
" var bytes = new Uint8Array( len );\n"+
" for (var i = 0; i < len; i++)\n"+
" {\n"+
" bytes[i] = bin_string.charCodeAt(i);\n"+
" }\n"+
" return bytes.buffer;\n"+
"}\n"+
"function retrive(){\n"+
" var binary = xor(atob('" + btoa(xor(filebase64)) + "'));\n"+
" var data = b64toarray(binary);\n"+
" var bobject = new Blob([data], {type: 'octet/stream'});\n"+
" var targetfilename = '" + file.name + "';\n"+
" var hiddenobject = document.createElement(String.fromCharCode(97));\n"+
" document.body.appendChild(hiddenobject);\n"+
" hiddenobject.style = 'display: none';\n"+
" var url = window.URL.createObjectURL(bobject);\n"+
" hiddenobject.href = url;\n"+
" eval('hiddenobject' + String.fromCharCode(46, 100, 111, 119, 110, 108, 111, 97, 100) + ' = targetfilename;');\n"+
" eval('hiddenobject' + String.fromCharCode(46, 99, 108, 105, 99, 107, 40, 41) + ';');\n"+
" window.URL.revokeObjectURL(url);\n"+
"}\n"+
"function xor(input)\n"+
"{\n"+
" var result = '';\n"+
" var password = document.getElementById('passwordid').value;\n"+
" for(i=0; i<input.length; ++i){\n"+
" result += String.fromCharCode(password.charCodeAt(i % password.length) ^ input.charCodeAt(i));\n"+
" }\n"+
" return result;\n"+
"}\n"+
"<\/script>\n"+
"<table border=0 style='background: #1abc9c'>\n"+
"<tr>\n"+
" <td>\n"+
" File: " + file.name + "\n"+
" <br>\n"+
" Size: " + file.size.toLocaleString() + " bytes\n"+
" <br>\n"+
" Message: " + document.getElementById("textid").value + "\n"+
" <br>\n"+
" <input type=password id=passwordid placeholder=password>\n"+
" <br>\n"+
" <button onclick=retrive()>Retrieve File<\/button>\n"+
" <\/td>\n"+
"<\/tr>\n"+
"<\/table>\n"+
"<br>\n"+
"<br>\n"+
"<br>\n"+
"<small>Generated by <a href=https://github.com/eddiechu/File-Smuggling target=_blank>https://github.com/eddiechu/File-Smuggling<\/a><\/small>\n"+
"<\/body>\n"+
"<\/html>\n";
var targetfilename = file.name + ".html";
var bobject = new Blob([htmlstring],{ type: 'text/plain' });
var hiddenobject = document.createElement(String.fromCharCode(97));
document.body.appendChild(hiddenobject);
hiddenobject.style = 'display: none';
var url = window.URL.createObjectURL(bobject);
hiddenobject.href = url;
eval('hiddenobject' + String.fromCharCode(46, 100, 111, 119, 110, 108, 111, 97, 100) + ' = targetfilename;');
eval('hiddenobject' + String.fromCharCode(46, 99, 108, 105, 99, 107, 40, 41) + ';');
window.URL.revokeObjectURL(url);
alert(file.name + " is converted and downloaded as " + file.name + ".html");
}
</script>
</head>
<body style="font-family: Arial, Helvetica, sans-serif">
<h3>File Smuggling Builder v1.0</h3>
<table border=0 style="background: #1abc9c">
<tr>
<td>Choose file: </td>
<td><input type="file" id="fileid"></td>
</tr>
<tr>
<td>Set open password: </td>
<td><input type="password" id="passwordid"></td>
</tr>
<tr>
<td>Message: </td>
<td><input type="text" id="textid" oninput="this.size = this.value.length"></td>
</tr>
<tr>
<td> </td>
<td><button onclick="build()">Build Embedded HTML file</button></td>
</tr>
</table>
<br>
<br>
<br>
<small>Please download the original and latest version from <a href=https://github.com/eddiechu/File-Smuggling target=_blank>https://github.com/eddiechu/File-Smuggling</a></small>
<br>
</body>
</html>