I’ve been reading a lot about unicode over the past few weeks and I decided to add full/half conversion into Hackvertor as a learning exercise. It’s useful for testing IDS systems because certain web servers automatically convert the characters into the normal ASCII range.
Check it out here:-
Unicode demo
You can even assign a custom prefix to the conversion allowing you to produce urlencoded escapes or javascript escapes, a demo of that is available here:-
Custom prefix
Update..
Modified the prefixes slightly to allow hex entities as well:-
Entity demo
Another update..
It supports direct conversion of characters now:-
Direct conversion
Comments 3
Do you plan on adding UTF-8 encoding? I have seen non-minimal UTF-8 encoding used to bypass filters in the past…
Posted 24 Jan 2008 at 3:16 pm ¶@Technocrat
Yeah I will do , could you provide a specific example please?
Posted 24 Jan 2008 at 3:18 pm ¶@Technocrat
I’ve Googled the XSS examples for UTF-8 and they all seem to be using the BOM character. Hackvertor already supports higher unicode and can produce these zero space characters.
Please let me know if you have any ideas improving functionality and I’ll consider improving it with a new tag.
Posted 24 Jan 2008 at 4:52 pm ¶Post a Comment