Hackvertor update

Future plans

I’ve done a big change in the Hackvertor code to pave the way for some new features. In future I plan to create a web service were we can create/share Hackvertor tags for free. This will enable custom versions of Hackvertor for a specific task, for example we could have a SQL injection version, XSS version etc and they could all be developed and improved by the community. When the server side stuff is completed that’s what you can look forward to 🙂

Restructure

For now though I’ve restructured all tags into their own object for easy storage, most tags now extend the native String object to make reuse between tags much easier. This makes tag code much shorter because conversions can be chained together like ”.tobinary().zeroFill(16) etc. Using these methods I decided to create my own UTF-7 encode/decode tags [1] in javascript as a technical exercise to understand how UTF-7 works.

I’ve also redone the parameter options which now allow quotes; this enables Hackvertor tags to pass commas as arguments. The option menu has also been removed because more tags now have arguments it makes it much easier to customise each tag usage rather than searching through options.

In case you hadn’t noticed Hackvertor now takes external input, which allows you to share tags between friends and provide conversion examples or md5 hashes [2] for example. This can be accessed by simply clicking the HVURL button and it will base64 encode the current input and create you a HVURL to share.

Docs and examples

It’s quite complicated now and I’ve tried to reduce the clutter and make it as accessible as possible, the DOM object browser is now hidden by default to allow both input and output windows to be displayed next to each other and increased in size.

Tag parameters/arguments

Some tags accept additional options which are displayed in () when adding a tag, for example it’s possible to change if a hex_ent (hex entities) tag adds a semi-colon or not. To include commas in a parameter you need to enclose it with quotes, take the replace tag for example:-
Replace tag example

Tag list

Here I shall document each tag category and provide a example from each.

Encode (Converts every character in a string to the chosen encoding)

  • base64 – Base64 encode a string (Uses Firefox’s native functions)
  • hex_ent – Create Hexadecimal HTML entities from the string.
  • dec_ent – Decimal HTML entities
  • dec – Converts each character into a decimal escape
  • hex – Creates a javascript hexadecimal string.
  • uni – Converts to javascript unicode string.
  • oct – Octal encoding
  • urlenc – Javascript escape wrapper (Performs a standard urlencode)
  • realurlenc – Custom urlencoder (Encodes all characters)
  • htmlent – Converts standard HTML entities
  • utf7 – Creates a UTF-7 encoded string to be used with character set attacks.

realurlenc tag example

Decode (Decodes a string that has been encoded)

  • d_base64 – Decodes a base64 encoded string using Firefox’s native functions
  • d_bin – Converts from binary
  • d_dec – Decodes decimal escapes/HTML entities
  • d_hex – Decodes hex entites or hex javascript escapes
  • d_uni – Decodes unicode strings
  • d_oct – Decodes octal escapes
  • d_enc – Unescape wrapper (Decodes urlencoded string)
  • d_realenc – Clone of d_enc tag added for clarity
  • d_htmlent – Decode HTML entities
  • 0d_utf7 – Decodes a UTF-7 encoded string

d_oct example

Filter Evasion (Tags used to test and bypass XSS filters)

  • backslashesc – Javascript/CSS backslash escapes to obscure identifiers or functions
  • backslashnulles – Same as above but with additional null characters
  • backslashnzullesc – Same as above but with zero padded nulls
  • toternary – Converts any string into a javascript ternary statements, each character is a separated and the entire string is enclosed in a anonymous function.

backslashesc example

String (String manipulation tags, javascript based functionality with additional extras)

  • javachar – Converts the string into Java lang character codes
  • tocharcodes – Converts to standard character codes
  • fromcharcodes – Convert from character codes (separated with commas)
  • dquote – Add double quotes to a string
  • squote – Add single quotes to a string
  • bticks – Adds backticks around a string
  • js2str – Executes a javascript statement and returns the string
  • stripnewlines – Removes new lines
  • ucfirst – Converts the first letter of every word to uppercase
  • upper – Converts to uppercase
  • lower – Converts to lowercase
  • mixed – Mixed case letters
  • find – Find a string using regular expressions
  • replace – Replaces the string with the arguments given
  • splitjoin – Splits the string into pieces and then joins it together with the arguments specified.
  • splitjointag – Same as above only instead of joining a character you can join with a tag
  • repeat – Repeat the content of a tag specified in the argument amount
  • reverse – Reverses the text
  • length – Returns the length of the enclosed string
  • substr – Return parts of the string specified in the arguments

Split join tag example (First parameter is the string to split, second is the join character and third is the tag to surround the result)

Fuzzing (Random character generation tags)

  • randchars – Return a random set of characters with the amount specified in a parameter
  • randnum – Same as above with numbers
  • randletters – Random letters
  • randletternums – Random letters and numbers
  • nullents – Return a random null html entity character (Can be used to obscure function calls etc)

Random characters example

Hashing (Performs hashing functions on a string)

  • md4 – Performs a MD4 hash of a string
  • md5 – Performs a MD5 hash of a string
  • sha1 – Performs a sha1 hash of a string
  • sha2 – Performs a sha2 hash of a string
  • hmac_md4 – Performs a hmac_md4 hash of a string uses a argument for the hmac key
  • hmac_md5 – Performs a hmac_md5 hash of a string uses a argument for the hmac key
  • hmac_sha1 – Performs a hmac_sha1 hash of a string uses a argument for the hmac key

sha1_hmac example

Convert (Conversion tags to perform numeric or other special conversions)

  • bin – Convert the string to binary
  • hex2rgb – Convert a HTML colour to RGB
  • rgb2hex – Converts RGB colours to HTML hex colours
  • dec2hex – Converts a number to hex
  • dec2oct – Converts a number to octal

Dec2hex example

Common inputs (Tags to save time typing which are used frequently)

  • c_js – Inserts the javascript: protocol string
  • c_alert – Standard javascript alert
  • c_script – Inserts a script tag
  • c_eval – Javascript eval
  • c_link – HTML link
  • c_iframe – HTML iframe
  • c_null – Inserts a null character
  • c_tab – Inserts a tab character
  • c_newline – Inserts a new line character
  • c_maxunicode – Returns the maximum unicode character number

Tab example

XSS (Tags to be used creating XSS vectors)

  • mozbindingcss – Creates a link to a XML file in CSS which can execute javascript
  • mozbindingxml – Creates the standard XML which will execute javascript in CSS (Use in combination with the mozbindingcss tag)
  • mozbindingexpression – Creates a cross compatible CSS vector which works on IE and Firefox
  • image – Image based XSS
  • script – External js file inclusion
  • background – HTML background javascript XSS
  • backgroundcss – CSS background javascript XSS
  • cssexpression – IE CSS javascript
  • flash – Flash XSS files
  • data – Data protocol urls

mozbindingexpression example

SQL (SQL injection tags)

  • sqlchr – Separates characters into a sqlchr statement
  • sqlcomment – Creates a SQL statement with comments around letters to obscure common commands.
  • sqlchar – Converts a string to hex and char SQL function calls
  • sqlascii – Same as above but with ASCII
  • sqlor – Creates a string from separated OR statements
  • sqlhex – Creates a hex number from each character

SQL comment example

Date (Date based tags, quite sparse at the moment)

  • date2timestamp – Converts a date into a UNIX timestamp
  • timestamp2date – Converts a timestamp into a date

timestamp2date example

Encrypt (Encryption tags)

  • caesar_enc – Caesar encryption arguments specifies the key
  • morse_enc – Converts to morse code (I dunno why I’ve put this encryption but I couldn’t find a good spot for it)
  • caesar_dec – Decrypts caesar encrypted data
  • morse_dec – Decodes morse code

Morse code example

Keyboard shortcuts

CTL+SHIFT+Backspace
Clear Hackvertor

CTL+SHIFT+B
DOM Browser

CTL+SHIFT+C
Convert

CTL+SHIFT+E
Execute output

CTL+SHIFT+H
Test in HTML

CTL+SHIFT+I
Select input

CTL+SHIFT+O
Select output

CTL+SHIFT+S
Swap intput/output

CTL+SHIFT+T
Clear tags

CTL+SHIFT+U
Create URL

References

[1] UTF7
[2] MD5

2 Responses to “Hackvertor update”

  1. Gareth Heyes writes:

    Added a find tag now 🙂

    It’s awesome, allows you to use a regular expression in a tag and then combine it with others e.g.

    Find tag

  2. Gareth Heyes writes:

    Hehe this is like drag n drop programming:-

    This one matches lower case letters and hex encodes the result:-
    Another find example