The Ethical Hacker Network

Seen

Jr. Member

Offline

Posts: 96

URL Encoder

« on: January 05, 2012, 12:42:51 AM »

What tool(s) do you guys recommend for URL encoding/decoding? I've been using Hackbar for Firefox, but I'm switching to Chrome, so I was wondering if anyone knew a good Chrome extension or standalone app for encoding. I think you can do it with Burp Suite, but I just thought I'd ask in case there was some tool I didn't know about. And if there's nothing good, I suppose I could write my own.

Thanks.


	Logged

Sec+, eCPPT

lorddicranius

Sr. Member

Online

Posts: 396

Re: URL Encoder

« Reply #1 on: January 05, 2012, 12:48:20 AM »

Burp Suite here, love it. I've only just started into web app security though, so my experience with tools is limited.


	Logged

Blog: http://lorddicranius.wordpress.com/

Jamie.R

Hero Member

Offline

Posts: 626

Re: URL Encoder

« Reply #2 on: January 05, 2012, 03:52:38 AM »

Same burp suit i use to url encode


	Logged

OSWP | eCPPT | HackingDojo Nidan
www.jamierougive.co.uk

Uhaba

Newbie

Offline

Posts: 2

Re: URL Encoder

« Reply #3 on: January 11, 2012, 09:16:28 AM »

Burp Suite is the way to go.


	Logged

tturner

Sr. Member

Offline

Posts: 329

Re: URL Encoder

« Reply #4 on: January 11, 2012, 10:07:32 AM »

While I concur with the Burp suggestions, I'd like to recommend an alternate tool that is enjoying some rather rapid development and showing some very promising potential. Zed Attack Proxy is also an OWASP project and is a fork of the old largely unmaintained Paros Proxy. http://code.google.com/p/zaproxy/

Btw, http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html has a survey up for best tool of the year. I'm recommending people vote for ZAP. It's currently in 1st place but it could use some more votes to keep Security Onion from overtaking it


« Last Edit: January 11, 2012, 10:12:24 AM by tturner »	Logged

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP

Next 6 months: GCIH, CSTP, STI MSISE

MaXe

Hero Member

Offline

Posts: 507

I've just upgraded myself to a cyborg muahahaa!!1

Re: URL Encoder

« Reply #5 on: January 11, 2012, 04:30:33 PM »

You can also use php cli. If it's just hex encoding and decoding, a script like this will do:

Code:

<?php
/* URL Encoder / Decoder by MaXe */
$option = isset($argv[1]) ? $argv[1] : NULL;
$url = isset($argv[2]) ? $argv[2] : NULL;

if($option==NULL && $url==NULL) {
echo "[!] You need to set both a method and url.\n\n";
echo "[*] Example: php script.php enc http://google.com\n";
echo "[*] Example: php script.php dec http://google.com\n\n";
echo "[*] Enc stands for Encode and Dec for Decode.\n";
echo "[x] Exiting..";
exit;
}

if($option=="enc" && $url!=NULL) {
echo "[+] Result: ". urlencode($url);
} else if($option=="dec" && $url!=NULL) {
echo "[+] Result: ". urldecode($url);
} else {
echo "[!] Unknown option (must be \"dec\" or \"enc\") or URL is not specified.\n";
echo "[x] Exiting..";
exit;
}

?>

It could be in a lot fewer lines, but like 2-3 or 4, but I thought I'd remove the annoying error messages.

Demo:

Code:

C:\xampp\php>php test1.php dec http%3A%2F%2Fgoogle.com%2Fasjdklasjdklas%2Fdsa.da
s.wpdwq%40
[+] Result: http://google.com/asjdklasjdklas/dsa.das.wpdwq@
C:\xampp\php>php test1.php enc http://google.com/asjdklasjdklas/dsa.
[+] Result: http%3A%2F%2Fgoogle.com%2Fasjdklasjdklas%2Fdsa.

This can of course, also be made in javascript, a website, or whatever you prefer. There's even tools like HackVerter and some in the bottom of ha.ckers.org/xss.html


	Logged

I'm an InterN0T'er

Seen

Jr. Member

Offline

Posts: 96

Re: URL Encoder

« Reply #6 on: January 11, 2012, 06:04:53 PM »

Thanks for the code MaXe. And I'll have to check out ZAP tturner.


	Logged

Sec+, eCPPT

MaXe

Hero Member

Offline

Posts: 507

I've just upgraded myself to a cyborg muahahaa!!1

Re: URL Encoder

« Reply #7 on: January 11, 2012, 07:34:24 PM »

Quote from: Seen on January 11, 2012, 06:04:53 PM

Thanks for the code MaXe. And I'll have to check out ZAP tturner.

No problem, I thought I'd write a basic proof of concept / mini-tool for fun Grin


	Logged

I'm an InterN0T'er

Seen

Jr. Member

Offline

Posts: 96

Re: URL Encoder

« Reply #8 on: January 12, 2012, 12:56:34 AM »

I like knowing how things works, so I appreciate the code


	Logged

Sec+, eCPPT

MaXe

Hero Member

Offline

Posts: 507

I've just upgraded myself to a cyborg muahahaa!!1

Re: URL Encoder

« Reply #9 on: January 23, 2012, 04:49:38 PM »

Quote from: valeraymartin on January 23, 2012, 03:53:55 PM

URL stands for Uniform Resource Locator. We start with public class and extends object. Utility class for HTML form encoding and this class contains static methods for converting a String to the mime format

What does that mean?

1337 hax0r copy+paste skills:
1. http://compnetworking.about.com/od/internetaccessbestuses/g/bldef-url.htm

Quote

URL stands for Uniform Resource Locator.

(It's quite obvious what it stands for, so you probably wrote that yourself.)
2. http://docs.oracle.com/javase/6/docs/api/java/net/URLEncoder.html

Quote

Utility class for HTML form encoding and this class contains static methods for converting a String to the mime format

(Almost identical.)

I find it hard however, that you wrote the second part, as it is almost the same as the link, and your reply to this post, only made me more confused.

Of course there's a class in Java for URL Encoding, just like there's a PHP function, and most likely a JavaScript function, and so forth. But it's somewhat annoying to see you just post some random information that can barely relate to the topic, it's almost like spam Shocked