HTML Smuggling, a technique in which attackers hide malicious payloads inside HTML documents. Malicious files are embedded within HTML documents, enabling them to evade network-based detection measures. Opening those malicious HTML documents results in the following chain of events:
- Adversaries may smuggle data and files past content filters by hiding malicious payloads inside of seemingly benign HTML files.
- It may deliver payloads to victims that bypass security controls through HTML Smuggling by abusing JavaScript Blobs and/or HTML5 download attributes
- Data may also be stored in Data URLs, which enable embedding media type or MIME files inline of HTML documents. HTML5 also introduced a download attribute that may be used to initiate file downloads.
- Malicious files or data can be obfuscated and hidden inside of HTML files through Data URLs and/or JavaScript Blobs and can be deobfuscated when they reach the victims.