Store payloads in the Internet Explorer URL history.
iexstorage is a technique for storing arbitrary data inside Internet Explorer's URL history. It can be used for persistence, data exfiltration, or as a stealthy communication channel. The project demonstrates how to encode and retrieve shellcode from IE history without writing anything to disk.
- Stores binary payloads by encoding them into hexadecimal URLs.
- Uses custom titles (keys) to tag and sequence URL fragments.
- Retrieves and reconstructs payloads from IE history.
- Optional in-memory shellcode execution.
- Minimal footprint using only native WinAPI.
- Disables IE's first-run prompt via registry.
- Launches an IE instance (`about:blank`) to initialize components.
- Splits payloads into chunks and converts them to `iex://<hex>/` URLs.
- Each chunk is stored in IE history with a key like `iexstorage#001`, `iexstorage#002`, etc.
- URLs are later read, sorted by sequence, and decoded back to binary.
- 🧬 Data Persistence: Hide payloads in the registry and browser history without touching disk files.
- 💀 Fileless Malware Techniques: Load and execute shellcode entirely from memory using IE's native components.
- 🕵️ Covert Channels: Use browser history as an unexpected data store to exfiltrate or transfer information discreetly.
- 🔍 Red Team Operations: Simulate advanced attacker techniques or test detection of obscure storage channels.
- 🛠️ Proof of Concept: Demonstrate browser abuse and legacy application risks in corporate environments.
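
For testing detection of this storage channel, the following added example (not part of the iexstorage project) flags history records that match the `iex://<hex>/` URL shape and `key#sequence` title shape described above, and reports chunk counts, staged size and sequence gaps per key. It assumes history has already been exported to plain `(url, title)` pairs; the function name, the sample records and the three-digit minimum on the sequence suffix are assumptions.

```python
import re
from collections import defaultdict

# Patterns taken from the README: URLs shaped like iex://<hex>/ and
# titles shaped like <key>#<sequence>, e.g. iexstorage#001.
URL_RE = re.compile(r"^iex://((?:[0-9a-fA-F]{2})+)/?$")
TITLE_RE = re.compile(r"^(?P<key>.+)#(?P<seq>\d{3,})$")  # 3+ digits: assumption


def find_staged_payloads(history):
    """Group suspicious (url, title) history records by key.

    Returns {key: {"chunks": n, "bytes": total, "missing": [seq, ...]}}.
    Only sizes and sequence gaps are reported; chunk contents are not decoded.
    """
    groups = defaultdict(dict)
    for url, title in history:
        u = URL_RE.match(url.strip())
        t = TITLE_RE.match((title or "").strip())
        if not (u and t):
            continue  # both the URL shape and the title shape must match
        # Two hex characters encode one byte of stored data.
        groups[t["key"]][int(t["seq"])] = len(u.group(1)) // 2
    report = {}
    for key, chunks in groups.items():
        seqs = sorted(chunks)
        expected = range(seqs[0], seqs[-1] + 1)
        report[key] = {
            "chunks": len(seqs),
            "bytes": sum(chunks.values()),
            "missing": [s for s in expected if s not in chunks],
        }
    return report


# Constructed sample records (not taken from a real host).
SAMPLE_HISTORY = [
    ("https://intranet.example/wiki", "Wiki - Home"),
    ("iex://deadbeef/", "iexstorage#001"),
    ("iex://0102030405/", "iexstorage#002"),
    ("iex://ffff/", "iexstorage#004"),
    ("iex://nothex/", "iexstorage#005"),  # wrong URL shape, ignored
    ("about:blank", ""),
]

if __name__ == "__main__":
    for key, info in find_staged_payloads(SAMPLE_HISTORY).items():
        print(key, info)
```

A non-empty `missing` list means some chunks were never observed or have already aged out of history, which is worth noting when estimating how long the entries have been present.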
You can compile the project on Windows using Visual Studio or the Developer Command Prompt.
Requirements:
- Windows OS (< Win 10)
- C++ Compiler (MSVC recommended)
- Windows SDK
- Linked libraries: `urlmon.lib`, `oleaut32.lib`, `ole32.lib`

```
cl /EHsc iexstorage.cpp /link urlmon.lib oleaut32.lib ole32.lib
```