New version of Hackvertor released
Wednesday, 17 October 2007
I’ve been busy catching up with some of the projects I’ve been working on and I’m pleased to announce a new version of Hackvertor. If you don’t know what it is, check it out. It’s a useful tool to help with conversions and pen testing server-side XSS filters. I decided to write the tool to make my work easier and improve security filters I’ve been working on.
New features and tags
-You can now send the HTML output to a new window or external site within an iframe.
-Semicolons are now switched off by default for entities
-Entities are optional for hex encoding etc
dec = decimal encoding with/without entities
hex = hex encoding with/without entities
uni = unicode encoding
oct = octal encoding
enc = url encoding
concat = creates a string concatenation of whatever is supplied e.g.:-
x0=(1^2==0)?'t':'ABC'+'DEFG';x1=(1^2==0)?'e':'ABC'+'DEFG';
x2=(1^2==0)?'s':'ABC'+'DEFG';x3=(1^2==0)?'t':'ABC'+'DEFG';
x4=x0+x1+x2+x3;
javachar = java livescript based char code conversion
charcode = standard character code conversion
eval = obscures an eval code block
tag = doesn’t do much yet other than insert a random tag with a javascript execution point
randchars = creates random characters depending on int supplied e.g. {randchars}5{/randchars}
dquote = encloses a string with double quotes
squote = encloses a string with single quotes
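The dec, hex and enc forms listed above, with or without semicolons, are what a server-side filter has to undo before it matches anything. The following is an added example, not Hackvertor's code and not from the original post, that canonicalises those forms and checks constructed vectors for the string "test"; the function names and the five-round limit are assumptions:

```javascript
// Added example, not Hackvertor code. All sample strings are constructed.

// Decode runs of %XX bytes (the "enc" form). Malformed or non-UTF-8
// sequences are left untouched instead of throwing.
function decodePercent(s) {
  return s.replace(/(?:%[0-9a-fA-F]{2})+/g, (run) => {
    try { return decodeURIComponent(run); } catch (e) { return run; }
  });
}

// Decode decimal (&#116) and hex (&#x74) references. The trailing
// semicolon is optional because HTML parsers accept both forms.
function decodeEntities(s) {
  return s.replace(/&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));?/g, (m, hex, dec) => {
    const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    // Values beyond the Unicode range are kept as written.
    return cp > 0x10ffff ? m : String.fromCodePoint(cp);
  });
}

// Decode to a fixed point so nested encodings collapse. Returns null when
// the input is still changing after maxRounds: reject it, do not guess.
function canonicalise(input, maxRounds = 5) {
  let cur = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeEntities(decodePercent(cur));
    if (next === cur) return cur;
    cur = next;
  }
  return null;
}

// Constructed regression vectors: every value encodes the string "test".
const VECTORS = {
  decNoSemicolon: "&#116&#101&#115&#116",
  decSemicolon: "&#116;&#101;&#115;&#116;",
  hexNoSemicolon: "&#x74&#x65&#x73&#x74",
  enc: "%74%65%73%74",
  encOverDec: "%26%23116%26%23101st",
};

// Names of vectors the canonicaliser fails to reduce to the expected text.
function failingVectors(expected) {
  return Object.keys(VECTORS).filter((k) => canonicalise(VECTORS[k]) !== expected);
}

console.log(failingVectors("test")); // [] when every form is handled
```

A filter that matches on the output of canonicalise rather than on the raw input sees the same text for every vector; a hex reference followed directly by a letter a-f is read greedily, so vectors should be built with that in mind.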
No. 1 — October 19th, 2007 at 9:00 pm
I’ve created a Greasemonkey version as well:-
http://userscripts.org/scripts/show/13145
No interface at the moment, just keyboard shortcuts:-
CTRL+SHIFT+H = convert the tags
CTRL+SHIFT+T = show all available tags