.

URL Encoder

<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Thu Jan 05, 2012 1:42 am

URL Encoder

What tool(s) do you guys recommend for URL encoding/decoding?  I've been using Hackbar for Firefox, but I'm switching to Chrome, so I was wondering if anyone knew a good Chrome extension or standalone app for encoding.  I think you can do it with Burp Suite, but I just thought I'd ask in case there was some tool I didn't know about.  And if there's nothing good, I suppose I could write my own.

Thanks.
Sec+, eCPPT
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Jan 05, 2012 1:48 am

Re: URL Encoder

Burp Suite here, love it.  I've only just started into web app security though, so my experience with tools is limited.
GSEC, eCPPT, Sec+
<<

millwalll

Post Thu Jan 05, 2012 4:52 am

Re: URL Encoder

Same burp suit i use to url encode
<<

Uhaba

Newbie
Newbie

Posts: 2

Joined: Tue Apr 05, 2011 8:57 am

Post Wed Jan 11, 2012 10:16 am

Re: URL Encoder

Burp Suite is the way to go.
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jan 11, 2012 11:07 am

Re: URL Encoder

While I concur with the Burp suggestions, I'd like to recommend an alternate tool that is enjoying some rather rapid development and showing some very promising potential. Zed Attack Proxy is also an OWASP project and is a fork of the old largely unmaintained Paros Proxy. http://code.google.com/p/zaproxy/

Btw, http://holisticinfosec.blogspot.com/201 ... -year.html has a survey up for best tool of the year. I'm recommending people vote for ZAP. It's currently in 1st place but it could use some more votes to keep Security Onion from overtaking it :)
Last edited by tturner on Wed Jan 11, 2012 11:12 am, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Jan 11, 2012 5:30 pm

Re: URL Encoder

You can also use php cli. If it's just hex encoding and decoding, a script like this will do:
  Code:
<?php
/* URL Encoder / Decoder by MaXe */
$option = isset($argv[1]) ? $argv[1] : NULL;
$url = isset($argv[2]) ? $argv[2] : NULL;

if($option==NULL && $url==NULL) {
echo "[!] You need to set both a method and url.\n\n";
echo "[*] Example: php script.php enc http://google.com\n";
echo "[*] Example: php script.php dec http://google.com\n\n";
echo "[*] Enc stands for Encode and Dec for Decode.\n";
echo "[x] Exiting..";
exit;
}


if($option=="enc" && $url!=NULL) {
echo "[+] Result: ". urlencode($url);
} else if($option=="dec" && $url!=NULL) {
echo "[+] Result: ". urldecode($url);
} else {
echo "[!] Unknown option (must be \"dec\" or \"enc\") or URL is not specified.\n";
echo "[x] Exiting..";
exit;
}

?>


It could be in a lot fewer lines, but like 2-3 or 4, but I thought I'd remove the annoying error messages.

Demo:
  Code:
C:\xampp\php>php test1.php dec http%3A%2F%2Fgoogle.com%2Fasjdklasjdklas%2Fdsa.da
s.wpdwq%40
[+] Result: http://google.com/asjdklasjdklas/dsa.das.wpdwq@
C:\xampp\php>php test1.php enc http://google.com/asjdklasjdklas/dsa.
[+] Result: http%3A%2F%2Fgoogle.com%2Fasjdklasjdklas%2Fdsa.


This can of course, also be made in javascript, a website, or whatever you prefer. There's even tools like HackVerter and some in the bottom of ha.ckers.org/xss.html  :)
I'm an InterN0T'er
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Wed Jan 11, 2012 7:04 pm

Re: URL Encoder

Thanks for the code MaXe.  And I'll have to check out ZAP tturner.
Sec+, eCPPT
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Jan 11, 2012 8:34 pm

Re: URL Encoder

Seen wrote:Thanks for the code MaXe.  And I'll have to check out ZAP tturner.


No problem, I thought I'd write a basic proof of concept / mini-tool for fun  ;D
I'm an InterN0T'er
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Thu Jan 12, 2012 1:56 am

Re: URL Encoder

I like knowing how things works, so I appreciate the code  :)
Sec+, eCPPT
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Jan 23, 2012 5:49 pm

Re: URL Encoder

valeraymartin wrote:URL stands for Uniform Resource Locator. We start with public class and extends object. Utility class for HTML form encoding and this class contains static methods for converting a String to the mime format


What does that mean?

1337 hax0r copy+paste skills:
1. http://compnetworking.about.com/od/inte ... ef-url.htm
URL stands for Uniform Resource Locator.
(It's quite obvious what it stands for, so you probably wrote that yourself.)
2. http://docs.oracle.com/javase/6/docs/ap ... coder.html
Utility class for HTML form encoding and this class contains static methods for converting a String to the mime format
(Almost identical.)

I find it hard however, that you wrote the second part, as it is almost the same as the link, and your reply to this post, only made me more confused.

Of course there's a class in Java for URL Encoding, just like there's a PHP function, and most likely a JavaScript function, and so forth. But it's somewhat annoying to see you just post some random information that can barely relate to the topic, it's almost like spam  :o No offense intended of course.  :)
I'm an InterN0T'er
<<

nytfox

User avatar

Newbie
Newbie

Posts: 20

Joined: Mon Nov 28, 2011 1:54 am

Post Sun Jan 29, 2012 2:07 am

Re: URL Encoder

What ^ Said
Unlike others I love NULLS
http://treasuresec.com

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software