WebApp Sec mailing list archives

RE: Looking for coder.htm / ASCII encoder


From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Mon, 1 Sep 2003 15:46:28 +0200

There is a "tool" in Exodus (http://home.intekom.co.za/rdawes/exodus.html)
that allows you to copy and paste strings into a window, then perform
(undo-able) transforms on them, for example, URL-encoding them, MD5-hashing
them, hex-encoding them.

Exodus is Java-based, though, which might be an obstacle. However, Exodus is
obviously a lot more than just a transcoder, so it might be useful to you in
more ways than just the transcoder window.

For those web application testers that have used Exodus in the past, and are
interested in seeing where future efforts will go, take a look at OWASP's
WebScarab, which is coming along quite nicely
(http://www.owasp.org/development/webscarab). It is still missing some
functionality that Exodus currently has, but the framework is a LOT cleaner,
and it is a lot easier to add new features to WebScarab than to Exodus.

Comments and suggestions are welcome!

Rogan

-----Original Message-----
From: n30 [mailto:n30_lists () hotmail com] 
Sent: 29 August 2003 04:56 PM
To: webappsec () securityfocus com
Subject: Looking for coder.htm / ASCII encoder


Guys,

Need your help.

About a year back, I sent a mail on the list asking for a tool which
would help me encode ASCII characters to unicode/HTML encode/etc...facilitate
bypassing input validation routines...(perform xss & sql inj attacks stealthily)

Someone had personally sent me a link to an html page called 'coder.htm'
which did exactly that...Unfortunately I lost the link..

Does anybody out there have the link? or even the file?

Google search led me to
http://homepage1.nifty.com/3rdpage/us/display/coder.html but looks like the
file is taken off...

Also, does anybody out there have better tools/ideas of how to accomplish that?

Thanks a million in advance
-N



