New version of Hackvertor released

I’ve been busy catching up with some of the projects I’ve been working on and I’m pleased to announce a new version of Hackvertor, if you don’t know what it is check it out. It’s a useful tool to help with conversions and pen testing server side XSS filters. I decided to write the tool to make my work easier and improve security filters I’ve been working on.

New features and tags

-You can now send the HTML output to a new window or external site within a iframe.
-Semi colons are now switched off by default for entities
-Entities are optional for hex encoding etc

dec = decimal encoding with/without entities
hex = hex encoding with/without entities
uni = unicode encoding
oct = octal encoding
enc = url encoding
concat = creates a string concatenation of whatever is supplied e.g.:-

javachar = java livescript based char code conversion
charcode = standard character code conversion
eval = obscures a eval code block
tag = doesn’t do much yet other than insert a random tag with a javascript execution point
randchars = creates random characters depending on int supplied e.g. {randchars}5{/randchars}
dquote = encloses a string with double quotes
squote = encloses a string with single quotes

Hackvertor tool

One Response to “New version of Hackvertor released”

  1. Gareth Heyes writes:

    I’ve created a Greasemonkey version as well:-

    No interface at the moment just keyboard shortcuts:-
    CTRL+SHIFT+H = convert the tags
    CTRL+SHIFT+T = show all available tags