Smugglo: Bypass Filters with Self-Dropping HTML
smugglo
An easy-to-use script for wrapping files into self-dropping HTML payloads to bypass content filters.
Features
- One-file payload: Wrap any file into a single self-contained HTML file
- Automatic extraction: The generated HTML auto-extracts and downloads the file when opened (no clicks needed)
- Data hiding options: Supports XOR obfuscation, AES-GCM encryption, Base64 or hex encoding to conceal content
- Stealth injection: Option to stash file data in CSS variables for extra sneakiness
- Bypass filters: Slip past content filters and sandboxes by masquerading as a harmless HTML page (classic HTML smuggling trick)
How It Works
- Select a file: Use the file input to choose any file from your system.
- Choose a method: Pick one of the embedding methods:
- CSS Encoding
- XOR Encryption
- AES Encryption
- Base64 Encoding
- Hex Encoding
- Generate HTML: Click the button and smugglo wraps your file into a self-contained HTML file.
- Automatic Extraction: When the HTML payload is opened in a browser, it automatically decodes/decrypts the embedded file and triggers its download.