
XssEncode

by Medicean ST2/ST3

Converts characters from one encoding to another using a transformation.

Details

Installs

  • Total 789
  • Win 485
  • OS X 214
  • Linux 90

Readme

Source: raw.githubusercontent.com

Sublime XssEncode


Converts characters from one encoding to another using a transformation. This tool helps you encode payloads when testing for SQL injection, XSS holes and site security.

Convert the region you selected or convert all characters.

XssEncode supports both Sublime Text 2 and 3.

Installation

Using Package Control to find, install and upgrade XssEncode is the recommended method to install this plug-in.

Otherwise, you can install it manually with the following steps:

  1. Open the Sublime Text Packages folder

    • OS X: ~/Library/Application Support/Sublime Text 3/Packages/
    • Windows: %APPDATA%/Sublime Text 3/Packages/
    • Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages
  2. Clone this repo

    git clone https://github.com/Medicean/SublimeXssEncode.git
    
  3. Rename the new folder to xssencode

ChangeLog

See more at ChangeLog

Example Commands

Open the Command Palette (Win: ctrl+shift+p, OS X: Command+shift+p), type xssencode and choose your action. Otherwise, click Tools => XssEncode in the menu bar and choose your action.

  • html_escape

    Converts characters to their HTML entities.

    eg:

    a1@& => a1@&amp;

  • html10_encode

    Converts characters to decimal HTML entities.

    eg:

    a1@& => &#97;&#49;&#64;&#38;

  • html16_encode

    Converts characters to hexadecimal HTML entities.

    eg:

    a1@& => &#x61;&#x31;&#x40;&#x26;

  • html_unescape

    Converts HTML entities to characters.

    eg:

    aaa& => aaa&

  • base64_encode

    Encodes the text as Base64.

    eg:

    a1@& => YTFAJg==

  • base64_decode

    eg:

    YTFAJg== => a1@&

  • url_encode

    eg:

    alert(/xss/); => alert%28/xss/%29%3B

  • url_decode

    eg:

    alert%28/xss/%29%3B => alert(/xss/);

  • string_from_char_code

    eg:

    alert(/xss/); => String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)

  • mysql_char

    eg:

    123 => CHAR(49,50,51)

    You can execute the SQL statements below.

    select 123;

    select CHAR(49,50,51);

  • oracle_chr

    eg:

    123 => CHR(49)||CHR(50)||CHR(51)

    You can execute the SQL statements below.

    select 123 from dual;

    select CHR(49)||CHR(50)||CHR(51) from dual;

  • php_chr

    Converts characters using the PHP chr function.

    eg:

    Suppose we have a PHP backdoor whose content is <?php @eval($_REQUEST[cmd]);?>

    If you want to execute a command that includes special characters, you can convert it.

    ls -al => CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)

    Now you can request the URL below:

    http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));

  • string_to_hex

    Converts a string to hexadecimal, which is more useful for SQL injection.

    eg:

    root => 726f6f74

    Now you can execute the SQL statements below.

    SELECT user from mysql.user where user='root';

    SELECT user from mysql.user where user=0x726f6f74;

  • hex_to_string

    eg:

    726f6f74 => root

  • unicode_decode

    eg:

    测试 => \u6d4b\u8bd5

  • unicode_encode

    eg:

    \u6d4b\u8bd5 => 测试

  • md5_encode

    eg:

    1 => c4ca4238a0b923820dcc509a6f75849b
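
Seen from the detection side, the transformations listed above are what an input filter or log-review rule has to undo before it can match anything. The following Python is an added example, not part of the XssEncode plugin or its README: it canonicalizes the URL, HTML entity, String.fromCharCode, CHAR/CHR and hex forms shown above, and the function names and the single sample rule are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# String.fromCharCode(97,108,...) and MySQL CHAR(49,50,51)
_CHARCODE = re.compile(
    r"\b(?:String\.fromCharCode|CHAR)\(\s*\d+(?:\s*,\s*\d+)*\s*\)", re.I)
# Oracle CHR(49)||CHR(50) and PHP CHR(108).CHR(115) chains
_CHR_CHAIN = re.compile(
    r"\bCHR\(\s*\d+\s*\)(?:\s*(?:\|\||\.)\s*CHR\(\s*\d+\s*\))*", re.I)
# MySQL hex literal such as 0x726f6f74
_HEX = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)
# Constructed sample rule; a real rule set would be far broader.
RULE = re.compile(r"alert\s*\(", re.I)


def _codes_to_text(match):
    codes = [int(n) for n in re.findall(r"\d+", match.group(0))]
    if any(c > 0x10FFFF for c in codes):
        return match.group(0)  # not valid code points: leave untouched
    return "".join(map(chr, codes))


def _hex_to_text(match):
    try:
        return bytes.fromhex(match.group(1)).decode("utf-8")
    except UnicodeDecodeError:
        return match.group(0)  # binary data, not text: leave untouched


def normalize(value, max_rounds=5):
    """Undo layered encodings until the value stops changing."""
    for _ in range(max_rounds):
        previous = value
        value = unquote(value)         # url_encode
        value = html.unescape(value)   # html_escape, html10/html16_encode
        value = _CHARCODE.sub(_codes_to_text, value)
        value = _CHR_CHAIN.sub(_codes_to_text, value)
        value = _HEX.sub(_hex_to_text, value)
        if value == previous:
            break
    return value


def only_matches_after_normalizing(value):
    """True when RULE misses the raw value but hits the decoded one."""
    return not RULE.search(value) and bool(RULE.search(normalize(value)))
```

The loop repeats because encodings can be stacked, for example a percent sign that is itself percent-encoded; `max_rounds` bounds the work on hostile input.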