XSS Code Encoding Script
Updated: 2011-11-21 | Posted by: this site | Views: 678

Used to bypass certain detection rules or conditional restrictions.

Encoding XSS payloads is still very, very common.


#!/usr/bin/env python
'''
Python XSS payload encoder
Author: BGS (rstcenter.com)
Contributor cmiN (rstcenter.com)
Date: 13 August 2011
Version: Python 2.7
'''

import time
import sys
import urllib2
import base64


def main():
  
    try:
        if  sys.argv[1] == "help":
            print '[-]'+time.ctime()
            print'''[-]Instructions:
                encoder.py <encoding type> "<string>"
                Available encodings: ascii b64 hex url
[-]Exiting...
             '''
        elif sys.argv[1] == "b64":
            b64_encode()
        elif sys.argv[1] == "ascii":
            ascii_encode()
        elif sys.argv[1] == "hex":
            hex_encode()
        elif sys.argv[1] == "url":
            url_encode()
          
        else:
            sys.exit(1)
    except Exception, e:
        print 'Type "encoder.py help" for instructions! '
        sys.exit(1)
  
  
def b64_encode():
    payload = sys.argv[2]
    encoded = base64.standard_b64encode(payload)
    print ' ################## B64 String #######################'
    print ''
    print 'String:' + encoded
    print ''
    print "#################### >>EOF<< #########################"

  
def ascii_encode():
    payload = sys.argv[2]
    string = ''
  
    for w in payload:
        string += str(ord(w)) + ","
    print ' ################## ASCII String #####################'
    print ''
    # JavaScript identifiers are case-sensitive: the built-in is String.fromCharCode
    print 'String.fromCharCode(' + string.strip(",") +')'
    print ''
    print "#################### >>EOF<< #########################"


def hex_encode():
    payload = sys.argv[2]
    encoded = payload.encode('hex')
    print ' ################## HEX String #######################'
    print ''
    print 'String:' + encoded
    print ''
    print "#################### >>EOF<< #########################"
  
  
  

def url_encode():
    payload = sys.argv[2]
    encoded = urllib2.quote(payload.encode("utf8")) 
    print ' ################## URL String #######################'
    print ''
    print 'String:' + encoded
    print ''
    print "#################### >>EOF<< #########################"

if __name__ == '__main__':
    main()
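
The script above only re-encodes a string as Base64, character codes, hex or URL escapes, so a filter that matches on the raw input misses every encoded form unless it decodes before matching. The following is an added example (Python 3, not part of the original script; the signature list, the sample strings and the function names are constructed for illustration) that undoes the script's four encodings layer by layer and then applies the signature.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed, deliberately small signature set; a real filter would be broader.
SIGNATURE = re.compile(r"<\s*script|javascript:|on\w+\s*=|alert\s*\(", re.I)
CHARCODE = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)", re.I)
HEX = re.compile(r"(?:[0-9a-fA-F]{2}){4,}")
B64 = re.compile(r"(?:[A-Za-z0-9+/]{4}){2,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
# Constructed samples: one benign test string in each of the script's encodings.
SAMPLES = {
    "url": "%3Cscript%3Ealert%281%29%3C/script%3E",
    "b64": "PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
    "hex": "3c7363726970743e616c6572742831293c2f7363726970743e",
    "ascii": "String.fromCharCode(97,108,101,114,116,40,49,41)",
}


def _printable(data):
    """Return data as text if it is printable ASCII, else None."""
    text = data.decode("latin-1")
    return text if text.isascii() and text.isprintable() else None


def candidates(value):
    """Yield each one-step decoding of value for the script's four encodings."""
    if "%" in value:
        yield unquote(value)
    for m in CHARCODE.finditer(value):
        nums = [int(n) for n in re.findall(r"\d+", m.group(1))]
        if all(n < 0x110000 for n in nums):
            yield value[:m.start()] + "".join(map(chr, nums)) + value[m.end():]
    token = value.strip()
    for pattern, decode in ((HEX, binascii.unhexlify), (B64, base64.b64decode)):
        if pattern.fullmatch(token) and (text := _printable(decode(token))):
            yield text


def is_suspicious(value, max_depth=4):
    """Match value and its decoded forms (up to max_depth layers) against SIGNATURE."""
    seen, frontier = {value}, [value]
    for _ in range(max_depth + 1):
        if any(SIGNATURE.search(v) for v in frontier):
            return True
        frontier = [c for v in frontier for c in candidates(v) if c not in seen]
        seen.update(frontier)
    return False
```

The `max_depth` bound keeps stacked encodings (for example URL-encoded Base64) from turning into unbounded work on hostile input.
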
References

http://www.lo0.ro/2011/python-xss-payload-encoder/

http://monyer.com/demo/monyerjs/

http://tools88.com/safe/MonyerEn.php
