ctrl+shift+p filters: :st2 :st3 :win :osx :linux
Browse

Xss​Encode

by Medicean ALL

Converts characters from one encoding to another using a transformation.

Details

Installs

  • Total 2K
  • Win 1K
  • Mac 410
  • Linux 203
Jan 23 Jan 22 Jan 21 Jan 20 Jan 19 Jan 18 Jan 17 Jan 16 Jan 15 Jan 14 Jan 13 Jan 12 Jan 11 Jan 10 Jan 9 Jan 8 Jan 7 Jan 6 Jan 5 Jan 4 Jan 3 Jan 2 Jan 1 Dec 31 Dec 30 Dec 29 Dec 28 Dec 27 Dec 26 Dec 25 Dec 24 Dec 23 Dec 22 Dec 21 Dec 20 Dec 19 Dec 18 Dec 17 Dec 16 Dec 15 Dec 14 Dec 13 Dec 12 Dec 11 Dec 10 Dec 9
Windows 6 7 4 9 6 1 6 12 5 6 6 2 4 7 6 3 6 13 14 6 7 6 11 6 7 4 4 6 2 5 7 17 4 8 8 12 6 4 16 10 7 8 6 8 5 8
Mac 0 0 0 1 1 0 1 1 0 0 0 0 0 1 1 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 2 0 0 0 0 1 0 0
Linux 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1

Readme

Source
raw.​githubusercontent.​com

Sublime XssEncode

English | 中文说明

Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.

Convert the region you selected or convert all characters.

XssEncode supports both Sublime Text 2 and 3.

Installation

Using Package Control to find, install and upgrade XssEncode is the recommended method to install this plug-in.

Otherwise, you can use the following steps manually install:

  1. Open the Sublime Text Packages folder

    • OS X: ~/Library/Application Support/Sublime Text 3/Packages/
    • Windows: %APPDATA%/Sublime Text 3/Packages/
    • Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages
  2. clone this repo

    git clone https://github.com/Medicean/SublimeXssEncode.git
    
  3. Rename the new folder to xssencode

ChangeLog

See more at ChangeLog

Example Commands

You can type the Command HotKeys(Win: ctrl+shift+p, OSX: Command+shift+p),type xssencode and choice your action。Otherwise, click the menu bar tools => XssEncode and choice your action.

  • html_escape

    Converts characters to their HTML entity.

    eg:

    a1@& => a1@&

  • html10_encode

    Converts characters to html entity with decimal.

    eg:

    a1@& => a1@&

  • html16_encode

    Converts characters to html entity with hexadecimal.

    eg:

    a1@& => a1@&

  • html_unescape

    Converts html entity to characters.

    eg:

    aaa& => aaa&

  • base64_encode

    Uses base64 to encode into base64

    eg:

    a1@& => YTFAJg==

  • base64_decode

    eg:

    YTFAJg== => a1@&

  • url_encode

    eg:

    alert(/xss/); => alert%28/xss/%29%3B

  • url_decode

    eg:

    alert%28/xss/%29%3B => alert(/xss/);

  • string_from_char_code

    eg:

    alert(/xss/); => String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)

  • mysql_char

    eg:

    123 => CHAR(49,50,51)

    You can excute the sql commands below.

    select 123;

    select CHAR(49,50,51);

  • oracle_chr

    eg:

    123 => CHR(49)||CHR(50)||CHR(51)

    You can excute the sql commands below.

    select 123;

    select CHR(49)||CHR(50)||CHR(51);

  • php_chr

    Convert characters with function chr.

    eg:

    Support we have a php backdoor, and the content is <?php @eval($_REQUEST[cmd]);?>

    if you want to execute some commands which includes special chars, you can convert it.

    ls -al => CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)

    now you can request the url below:

    http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));

  • string_to_hex

    Convert string to hexadecimal, it's more useful for sql injection.

    eg:

    root => 726f6f74

    now you can excute the sql commands below.

    SELECT user from mysql.user where user='root';

    SELECT user from mysql.user where user=0x726f6f74;

  • hex_to_string

    eg:

    726f6f74 => root

  • unicode_decode

    eg:

    测试 => \u6d4b\u8bd5

  • unicode_encode

    eg:

    \u6d4b\u8bd5 => 测试

  • md5_encode

    eg:

    1 => c4ca4238a0b923820dcc509a6f75849b