Bypass Download Restriction with JavaScript Blob

In this blog post, we're going to bypass download restriction with JavaScript Blob.

Sometimes proxies might disallow downloading executable files. When you send a HTTP GET request to /malware.exe, the proxy catches and drops the request. Fortunately there's been a work around since HTML5.

LogoGitHub - talhakarakumru/bypass_download_restrictionGitHub

Steps to Bypass The Restriction

  1. Convert the executable file to Base64.

  2. Copy the Base64 string and assign it to a JavaScript variable.

  3. Write a function which converts Base64 to binary.

  4. Convert the Base64 string with the function.

  5. Create a "octet/stream" type blob.

  6. Create an object URL.

  7. Create a link (a). (This step can be omitted if you already have a link tag.)

  8. Edit href and download attributes of the link.

  9. Click the link automatically.

  10. To clean up, revoke the URL you created.

What is Blob?

The Blob object represents a blob, which is a file-like object of immutable, raw data; they can be read as text or binary data, or converted into a ReadableStream so its methods can be used for processing the data.

Step #1 - Convert The Executable File

If you have access to Bash, you can use base64 command to convert an executable file to Base64 string.

Step #2, 3, 4

window.atob => Converts ASCII to binary.

charCodeAt => Returns UTF-16 code of the giving character.

Step #5 - Create a Blob

Step #6 - Create an Object URL

Step #7, 8 - Create a Link

If you check out the DOM. You can examine the created link.

Step #9, 10

Links

  1. https://developer.mozilla.org/en-US/docs/Web/API/Blob

  2. https://developer.mozilla.org/en-US/docs/Web/API/ReadableStream

PreviousEmbed Shellcode into PE ResourcesNextParent Process ID Spoofing

Last updated

Was this helpful?