Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/medicean/sublimexssencode

Converts characters from one encoding to another using a transformation.
https://github.com/medicean/sublimexssencode

convert-characters encoding security-tools sublime-text sublime-text-plugin

Last synced: 22 days ago
JSON representation

Converts characters from one encoding to another using a transformation.

Awesome Lists containing this project

README 

        
# Sublime XssEncode



[English](README.md) | [中文说明](README_CN.md)



Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.



**Convert the region you selected or convert all characters.**



XssEncode supports both Sublime Text 2 and 3.



Installation

----



Using [Package Control](https://sublime.wbond.net/installation) to find, install and upgrade *XssEncode* is the recommended method to install this plug-in.



Otherwise, you can use the following steps manually install:



1. Open the Sublime Text Packages folder

    * OS X: ~/Library/Application Support/Sublime Text 3/Packages/

    * Windows: %APPDATA%/Sublime Text 3/Packages/

    * Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages



2. clone this repo

	

	```

	git clone https://github.com/Medicean/SublimeXssEncode.git

	```



3. Rename the new folder to **xssencode**



ChangeLog

---



See more at [ChangeLog](CHANGELOG.md)



Example Commands

----



> You can type the Command HotKeys(Win: `ctrl+shift+p`, OSX: Command+shift+p),type `xssencode` and choice your action。Otherwise, click the menu bar `tools` => `XssEncode` and choice your action.



* `html_escape`



	Converts characters to their HTML entity.

	

	**eg:**

	

	`a1@&` => `a1@&`



* `html10_encode`

	

	Converts characters to html entity with decimal.

	

	**eg:**

	

	`a1@&` => `a1@&`



* `html16_encode`



	Converts characters to html entity with hexadecimal.



	**eg:**

	

	`a1@&` => `a1@&`



* `html_unescape`



	Converts html entity to characters.

	

	**eg:**

	

	`aaa&` => `aaa&`



* `base64_encode`



	Uses base64 to encode into base64

	

	**eg:**

	

	`a1@&` => `YTFAJg==`



* `base64_decode`



	**eg:**

	

	`YTFAJg==` => `a1@&`



* `url_encode`



	**eg:**

	

	`alert(/xss/);` => `alert%28/xss/%29%3B`



* `url_decode`



	**eg:**

	

	`alert%28/xss/%29%3B` => `alert(/xss/);`



* `string_from_char_code`



	**eg:**

	

	`alert(/xss/);` => `String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)`



* `mysql_char`



	**eg:**

	

	`123` => `CHAR(49,50,51)`

	

	You can excute the sql commands below.

	

	`select 123;`

	

	`select CHAR(49,50,51);`

	

* `oracle_chr`



	**eg:**

	

	`123` => `CHR(49)||CHR(50)||CHR(51)`

	

	You can excute the sql commands below.

	

	`select 123;`

	

	`select CHR(49)||CHR(50)||CHR(51);`



* `php_chr`

	

	Convert characters with function chr.

	

	**eg:**

	

	Support we have a php backdoor, and the content is ``

	

	if you want to execute some commands which includes special chars, you can convert it.

	

	`ls -al` => `CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)`

	

	now you can request the url below:

	

	`http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));`

	

* `string_to_hex`



	Convert string to hexadecimal, it's more useful for sql injection.



	**eg:**

	

	`root` => `726f6f74`



	now you can excute the sql commands below.



	`SELECT user from mysql.user where user='root';`

	

	`SELECT user from mysql.user where user=0x726f6f74;`



* `hex_to_string`



	**eg:**

	

	`726f6f74` => `root`



* `unicode_decode`



	**eg:**

	

	`测试` => `\u6d4b\u8bd5`



* `unicode_encode`



	**eg:**

	

	`\u6d4b\u8bd5` => `测试`



* `md5_encode`



	**eg:**

	

	`1` => `c4ca4238a0b923820dcc509a6f75849b`