XSS代码加密脚本

分类:安全 | 2011-11-23 | 撸过 53 次
0人扯谈

用来bypass一些检测规则或者条件限制

XSS加密还是很常见很常见的。
”’

Python XSS payload encoder

Author: BGS (rstcenter.com)

Contributor cmiN (rstcenter.com)

Date: 13 August 2011

Version: Python 2.7

”’

#!/usr/bin/env python

import time

import sys

import urllib2

import base64
def main():
try:

if sys.argv[1] == “help”:

print ‘[-]’+time.ctime()

print”'[-]Instructions:

encoder.py <encoding type> “<string>”

Available encodings: ascii b64 hex url

[-]Exiting…

”’

elif sys.argv[1] == “b64”:

b64_encode()

elif sys.argv[1] == “ascii”:

ascii_encode()

elif sys.argv[1] == “hex”:

hex_encode()

elif sys.argv[1] == “url”:

url_encode()
else:

sys.exit(1)

except Exception, e:

print ‘Type “encoder.py help” for instructions! ‘

sys.exit(1)

 

def b64_encode():

payload = sys.argv[2]

encoded = base64.standard_b64encode(payload)

print ‘ ################## B64 String #######################’

print ”

print ‘String:’ + encoded

print ”

print “#################### >>EOF<< #########################”
def ascii_encode():

payload = sys.argv[2]

string = ”
for w in payload:

string += str(ord(w)) + “,”

print ‘ ################## ASCII String #####################’

print ”

print ‘string.fromCharCode(‘ + string.strip(“,”) +’)’

print ”

print “#################### >>EOF<< #########################”
def hex_encode():

payload = sys.argv[2]

encoded = payload.encode(‘hex’)

print ‘ ################## HEX String #######################’

print ”

print ‘String:’ + encoded

print ”

print “#################### >>EOF<< #########################”

 
def url_encode():

payload = sys.argv[2]

encoded = urllib2.quote(payload.encode(“utf8″))

print ‘ ################## URL String #######################’

print ”

print ‘String:’ + encoded

print ”

print “#################### >>EOF<< #########################”

if __name__ == ‘

References

http://www.lo0.ro/2011/python-xss-payload-encoder/

http://monyer.com/demo/monyerjs/

http://tools88.com/safe/MonyerEn.php

本站内容均为原创,转载请务必保留署名与链接!
XSS代码加密脚本:https://www.webshell.cc/2140.html
标签:

相关日志