search

Bypass Download Restriction with JavaScript Blob

In this blog post, we're going to bypass download restriction with JavaScript Blob.

Sometimes proxies might disallow downloading executable files. When you send a HTTP GET request to /malware.exe, the proxy catches and drops the request. Fortunately there's been a work around since HTML5.

LogoGitHub - talhakarakumru/bypass_download_restrictionGitHubchevron-right

hashtag
Steps to Bypass The Restriction

  1. Convert the executable file to Base64.

  2. Copy the Base64 string and assign it to a JavaScript variable.

  3. Write a function which converts Base64 to binary.

  4. Convert the Base64 string with the function.

  5. Create a "octet/stream" type blob.

  6. Create an object URL.

  7. Create a link (a). (This step can be omitted if you already have a link tag.)

  8. Edit href and download attributes of the link.

  9. Click the link automatically.

  10. To clean up, revoke the URL you created.

hashtag
What is Blob?

The Blob arrow-up-rightobject represents a blob, which is a file-like object of immutable, raw data; they can be read as text or binary data, or converted into a ReadableStream arrow-up-rightso its methods can be used for processing the data.

hashtag
Step #1 - Convert The Executable File

If you have access to Bash, you can use base64 command to convert an executable file to Base64 string.

hashtag
Step #2, 3, 4

window.atob => Converts ASCII to binary.

charCodeAt => Returns UTF-16 code of the giving character.

hashtag
Step #5 - Create a Blob

hashtag
Step #6 - Create an Object URL

hashtag
Step #7, 8 - Create a Link

If you check out the DOM. You can examine the created link.

hashtag
Step #9, 10

hashtag
Links

  1. https://developer.mozilla.org/en-US/docs/Web/API/Blobarrow-up-right

  2. https://developer.mozilla.org/en-US/docs/Web/API/ReadableStreamarrow-up-right

PreviousEmbed Shellcode into PE ResourcesNextParent Process ID Spoofing

Last updated