ctrl+shift+p filters: :st2 :st3 :win :osx :linux
Browse

Xss​Encode

by Medicean ST2/ST3

Converts characters from one encoding to another using a transformation.

Details

Installs

  • Total 674
  • Win 406
  • OS X 188
  • Linux 80
Sep 19 Sep 18 Sep 17 Sep 16 Sep 15 Sep 14 Sep 13 Sep 12 Sep 11 Sep 10 Sep 9 Sep 8 Sep 7 Sep 6 Sep 5 Sep 4 Sep 3 Sep 2 Sep 1 Aug 31 Aug 30 Aug 29 Aug 28 Aug 27 Aug 26 Aug 25 Aug 24 Aug 23 Aug 22 Aug 21 Aug 20 Aug 19 Aug 18 Aug 17 Aug 16 Aug 15 Aug 14 Aug 13 Aug 12 Aug 11 Aug 10 Aug 9 Aug 8 Aug 7 Aug 6
Windows 0 1 1 0 0 2 0 1 2 1 3 1 0 2 5 2 0 1 1 0 2 0 2 2 0 1 2 1 2 1 0 0 1 2 0 0 0 0 2 1 2 3 1 2 2
OS X 0 1 0 0 1 0 1 0 0 0 1 0 1 2 0 1 0 0 0 1 1 0 1 0 0 1 0 0 0 0 0 0 0 0 1 0 1 1 1 0 1 2 0 2 1
Linux 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0

Readme

Source
raw.​githubusercontent.​com

Sublime XssEncode

English | 中文说明

Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.

Convert the region you selected or convert all characters.

XssEncode supports both Sublime Text 2 and 3.

Installation

Using Package Control to find, install and upgrade XssEncode is the recommended method to install this plug-in.

Otherwise, you can use the following steps manually install:

  1. Open the Sublime Text Packages folder

    • OS X: ~/Library/Application Support/Sublime Text 3/Packages/
    • Windows: %APPDATA%/Sublime Text 3/Packages/
    • Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages
  2. clone this repo

    git clone https://github.com/Medicean/SublimeXssEncode.git
    
  3. Rename the new folder to xssencode

ChangeLog

See more at ChangeLog

Example Commands

You can type the Command HotKeys(Win: ctrl+shift+p, OSX: Command+shift+p),type xssencode and choice your action。Otherwise, click the menu bar tools => XssEncode and choice your action.

  • html_escape

    Converts characters to their HTML entity.

    eg:

    a1@& => a1@&

  • html10_encode

    Converts characters to html entity with decimal.

    eg:

    a1@& => a1@&

  • html16_encode

    Converts characters to html entity with hexadecimal.

    eg:

    a1@& => a1@&

  • html_unescape

    Converts html entity to characters.

    eg:

    aaa& => aaa&

  • base64_encode

    Uses base64 to encode into base64

    eg:

    a1@& => YTFAJg==

  • base64_decode

    eg:

    YTFAJg== => a1@&

  • url_encode

    eg:

    alert(/xss/); => alert%28/xss/%29%3B

  • url_decode

    eg:

    alert%28/xss/%29%3B => alert(/xss/);

  • string_from_char_code

    eg:

    alert(/xss/); => String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)

  • mysql_char

    eg:

    123 => CHAR(49,50,51)

    You can excute the sql commands below.

    select 123;

    select CHAR(49,50,51);

  • oracle_chr

    eg:

    123 => CHR(49)||CHR(50)||CHR(51)

    You can excute the sql commands below.

    select 123;

    select CHR(49)||CHR(50)||CHR(51);

  • php_chr

    Convert characters with function chr.

    eg:

    Support we have a php backdoor, and the content is <?php @eval($_REQUEST[cmd]);?>

    if you want to execute some commands which includes special chars, you can convert it.

    ls -al => CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)

    now you can request the url below:

    http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));

  • string_to_hex

    Convert string to hexadecimal, it's more useful for sql injection.

    eg:

    root => 726f6f74

    now you can excute the sql commands below.

    SELECT user from mysql.user where user='root';

    SELECT user from mysql.user where user=0x726f6f74;

  • hex_to_string

    eg:

    726f6f74 => root

  • unicode_decode

    eg:

    测试 => \u6d4b\u8bd5

  • unicode_encode

    eg:

    \u6d4b\u8bd5 => 测试

  • md5_encode

    eg:

    1 => c4ca4238a0b923820dcc509a6f75849b