用来bypass一些检测规则或者条件限制

XSS 编码(严格来说是可逆的编码,而不是加密)还是很常见的。正因为同一段内容可以有多种编码形式,只做关键字匹配的过滤规则并不可靠,防御上应在输出点按上下文做转义。
'''

Python XSS payload encoder

Author: BGS (rstcenter.com)

Contributor cmiN (rstcenter.com)

Date: 13 August 2011

Version: Python 2.7

'''

#!/usr/bin/env python

import time

import sys

import urllib2

import base64
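def main():
    """Dispatch to the encoder named by the first command-line argument.

    ``sys.argv[1]`` selects the mode: ``help`` prints the usage text, and
    ``b64``, ``ascii``, ``hex`` or ``url`` call the matching ``*_encode``
    function, each of which reads the string to encode from ``sys.argv[2]``.

    Any other mode, a missing argument, or an exception raised by an
    encoder ends the process with exit status 1 after printing the usage
    hint.  The exception text is also written to stderr so that a real
    failure (for example a bad input string) is not mistaken for a usage
    mistake.
    """
    hint = 'Type "encoder.py help" for instructions! '
    encoders = {
        "b64": b64_encode,
        "ascii": ascii_encode,
        "hex": hex_encode,
        "url": url_encode,
    }
    try:
        mode = sys.argv[1]
        if mode == "help":
            print('[-]' + time.ctime())
            print(
                '[-]Instructions:\n'
                '\n'
                'encoder.py <encoding type> "<string>"\n'
                '\n'
                'Available encodings: ascii b64 hex url\n'
                '\n'
                '[-]Exiting...\n'
                '\n'
            )
        elif mode in encoders:
            encoders[mode]()
        else:
            # An unrecognised mode gets the same hint as a missing argument
            # rather than a silent exit. SystemExit is not an Exception
            # subclass, so it passes through the handler below.
            print(hint)
            sys.exit(1)
    except Exception as e:
        # Report the cause on stderr; stdout keeps the original hint line.
        sys.stderr.write('encoder.py: %s: %s\n' % (type(e).__name__, e))
        print(hint)
        sys.exit(1)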

 

def b64_encode():
    """Print the Base64 form of the second command-line argument.

    Reads ``sys.argv[2]`` and writes a banner, the encoded text prefixed
    with ``String:``, and a closing banner to stdout.  Base64 is a
    reversible encoding, not encryption: anything that inspects the output
    can recover the input by decoding it.
    """
    encoded = base64.b64encode(sys.argv[2])
    report = [
        ' ################## B64 String #######################',
        '',
        'String:' + encoded,
        '',
        "#################### >>EOF<< #########################",
    ]
    # One write of the joined lines produces the same stdout bytes as
    # printing each line separately.
    print('\n'.join(report))
def ascii_encode():
    """Print the character codes of the second command-line argument.

    Reads ``sys.argv[2]``, converts every character to its ``ord`` value,
    and writes the comma-separated codes to stdout inside the text
    ``string.fromCharCode(...)``, framed by a banner above and below.
    """
    codes = ",".join(str(ord(ch)) for ch in sys.argv[2])
    report = [
        ' ################## ASCII String #####################',
        '',
        'string.fromCharCode(' + codes + ')',
        '',
        "#################### >>EOF<< #########################",
    ]
    print('\n'.join(report))
def hex_encode():
    """Print the hexadecimal form of the second command-line argument.

    Reads ``sys.argv[2]`` and writes a banner, the hex digits prefixed
    with ``String:``, and a closing banner to stdout.
    """
    # The 'hex' string codec exists on Python 2 str objects only, which
    # matches the "Version: Python 2.7" note in the file header.
    hex_digits = sys.argv[2].encode('hex')
    report = [
        ' ################## HEX String #######################',
        '',
        'String:' + hex_digits,
        '',
        "#################### >>EOF<< #########################",
    ]
    print('\n'.join(report))

 
def url_encode():
    """Print the percent-encoded form of the second command-line argument.

    Reads ``sys.argv[2]``, passes it through ``.encode("utf8")`` and
    ``urllib2.quote``, and writes a banner, the result prefixed with
    ``String:``, and a closing banner to stdout.
    """
    raw = sys.argv[2]
    # NOTE(review): on Python 2 a command-line argument is a byte string, so
    # .encode("utf8") first decodes it implicitly as ASCII; non-ASCII input
    # would presumably raise UnicodeDecodeError here -- confirm.
    utf8_bytes = raw.encode("utf8")
    quoted = urllib2.quote(utf8_bytes)
    report = [
        ' ################## URL String #######################',
        '',
        'String:' + quoted,
        '',
        "#################### >>EOF<< #########################",
    ]
    print('\n'.join(report))

if __name__ == '

References

http://www.lo0.ro/2011/python-xss-payload-encoder/

http://monyer.com/demo/monyerjs/

http://tools88.com/safe/MonyerEn.php
