Unicode half and full width conversion

Wednesday, 23 January 2008

I’ve been reading a lot about unicode over the past few weeks and I decided to add full/half conversion into Hackvertor as a learning exercise. It’s useful for testing IDS systems because certain web servers automatically convert the characters into the normal ASCII range.

Check it out here:-
Unicode demo

You can even assign a custom prefix to the conversion allowing you to produce urlencoded escapes or javascript escapes, a demo of that is available here:-
Custom prefix

Update..

Modified the prefixes slightly to allow hex entities as well:-
Entity demo

Another update..

It supports direct conversion of characters now:-
Direct conversion

The entry 'Unicode half and full width conversion' was posted on January 23rd, 2008 at 11:55 am and last modified on January 23rd, 2008 at 4:29 pm, and is filed under hackvertor, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

3 Responses to “Unicode half and full width conversion”

  1. Technocrat writes:
    No. 1 — January 24th, 2008 at 3:16 pm

    Do you plan on adding UTF-8 encoding? I have seen non-minimal UTF-8 encoding used to bypass filters in the past…

  2. Gareth Heyes writes:
    No. 2 — January 24th, 2008 at 3:18 pm

    @Technocrat

    Yeah I will do , could you provide a specific example please?

  3. Gareth Heyes writes:
    No. 3 — January 24th, 2008 at 4:52 pm

    @Technocrat

    I’ve Googled the XSS examples for UTF-8 and they all seem to be using the BOM character. Hackvertor already supports higher unicode and can produce these zero space characters.

    Please let me know if you have any ideas improving functionality and I’ll consider improving it with a new tag.

«
»