XSS JavaScript Obfuscator 0.01A
来源:john.leitch5@gmail.com 作者:Leitch 发布时间:2009-07-20  

xssjo.htm

<!--
    XSS JavaScript Obfuscator 0.01A
    Copyright (C) 2009 John Leitch john.leitch5@gmail.com

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see http://www.gnu.org/licenses/.
-->
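<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>XSS JavaScript Obfuscator 0.01A</title>
    <!-- NOTE(review): jQuery is pulled over plain http from a third-party host, so
         anyone on the network path (or whoever controls that host) can substitute the
         script and run arbitrary code in this page. Keep a local copy next to xssjo.js,
         or at least load it over https, before using the tool on an untrusted network.
         The version is pinned to 1.3.2 as originally shipped. -->
    <script type="text/javascript" src="http://jqueryjs.googlecode.com/files/jquery-1.3.2.min.js"></script>
    <!-- defines encodeString() and updateTextAreas(); must come after jQuery -->
    <script type="text/javascript" src="xssjo.js"></script>
</head>
<body>
    <!-- Every control re-runs updateTextAreas(), which rewrites the three output boxes
         (encodedJsText, partialUrlEncodeText, urlEncodeText) from the inputs below.
         onchange sits beside onkeyup so that text pasted or dropped with the mouse,
         which raises no key event, is still picked up when the field loses focus.
         The element ids are read by xssjo.js and must not be renamed. -->
    <form>
        <table id="obfuscatorTable">
            <tr>
                <!-- Url Prefix / Url Suffix wrap every output verbatim; they are never encoded. -->
                <td>
                    Url Prefix<br />
                    <textarea id="urlPrefixText" onkeyup="updateTextAreas();" onchange="updateTextAreas();" style="width:250px;height:40px;"></textarea><br />
                </td>
                <td>
                    Url Suffix<br />
                    <textarea id="urlSuffixText" onkeyup="updateTextAreas();" onchange="updateTextAreas();" style="width:250px;height:40px;"></textarea><br />
                </td>
            </tr>
            <tr>
                <!-- Attack Vector Prefix / Suffix wrap the generated JavaScript (e.g. a
                     closing tag and a script tag) and are encoded together with it. -->
                <td>
                    Attack Vector Prefix<br />
                    <textarea id="vectorPrefixText" onkeyup="updateTextAreas();" onchange="updateTextAreas();" style="width:250px;height:40px;"></textarea><br />
                </td>
                <td>
                    Attack Vector Suffix<br />
                    <textarea id="vectorSuffixText" onkeyup="updateTextAreas();" onchange="updateTextAreas();" style="width:250px;height:40px;"></textarea><br />
                </td>
            </tr>
            <tr>
                <td>
                    <!-- the JavaScript to obfuscate -->
                    Code<br />
                    <textarea id="codeText" onkeyup="updateTextAreas();" onchange="updateTextAreas();" style="width:250px;height:200px;"></textarea><br />
                </td>
                <td>
                    <!-- output: decoder expression wrapped in the vector and URL prefix/suffix -->
                    Encoded Javascript<br />
                    <textarea id="encodedJsText" style="width:250px;height:200px;"></textarea><br />
                </td>
            </tr>
            <tr>
                <td>
                    <!-- output: same payload passed through escape() (letters, digits
                         and @*_+-./ stay literal) -->
                    Partial Url Encode<br />
                    <textarea id="partialUrlEncodeText" style="width:250px;height:200px;"></textarea><br />
                </td>
                <td>
                    <!-- output: same payload with every character written as %XX -->
                    Complete Url Encode<br />
                    <textarea id="urlEncodeText" style="width:250px;height:200px;"></textarea><br />
                </td>
            </tr>
            <tr>
                <td style="vertical-align:top;">
                    <!-- values 0-4 map to the Mode numbers documented in xssjo.js;
                         mode 5 (raw url encode) is only used internally for the
                         Complete Url Encode box and is not offered here -->
                    Decode Method<br />
                    <input name="decode" type="radio" value="0" checked="checked" onclick="updateTextAreas();" />String.fromCharCode call<br />
                    <input name="decode" type="radio" value="1" onclick="updateTextAreas();" />unescape partial encode call<br />
                    <input name="decode" type="radio" value="2" onclick="updateTextAreas();" />unescape full encode call<br />
                    <input name="decode" type="radio" value="3" onclick="updateTextAreas();" />unescape full unicode encode call<br />
                    <input name="decode" type="radio" value="4" onclick="updateTextAreas();" />hex string<br />
                </td>
                <td style="vertical-align:top;">
                    <!-- the function the decoded string is handed to; its value is
                         emitted verbatim as  value(...);  -->
                    Decode Return Call<br />
                    <input name="call" type="radio" value="document.write" onclick="updateTextAreas();" checked="checked"/>document.write<br />
                    <input name="call" type="radio" value="eval" onclick="updateTextAreas();" />eval<br />
                </td>
            </tr>
        </table>
    </form>
</body>
</html>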

xssjo.js

//    XSS JavaScript Obfuscator 0.01A
//    Copyright (C) 2009 John Leitch john.leitch5@gmail.com

//    This program is free software: you can redistribute it and/or modify
//    it under the terms of the GNU General Public License as published by
//    the Free Software Foundation, either version 3 of the License, or
//    (at your option) any later version.

//    This program is distributed in the hope that it will be useful,
//    but WITHOUT ANY WARRANTY; without even the implied warranty of
//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//    GNU General Public License for more details.

//    You should have received a copy of the GNU General Public License
//    along with this program. If not, see http://www.gnu.org/licenses/.

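// Mode 0 = String.fromCharCode call
// Mode 1 = unescape partial encode call   (escape() output, letters/digits/@*_+-./ left bare)
// Mode 2 = unescape full encode call      (every UTF-16 unit as %XX, %uXXXX above 0xff)
// Mode 3 = unescape full unicode encode call (every unit as %uXXXX)
// Mode 4 = hex string                     (a quoted JS literal using \xXX, \uXXXX above 0xff)
// Mode 5 = raw full url encode            (the %XX text of mode 2 with no unescape() wrapper)
//
// Source       - text to encode (the caller passes a textarea value)
// Mode         - 0..5 as above; accepted as a number or a numeric string, because
//                updateTextAreas() hands over the radio button's value attribute unchanged
// DoubleQuotes - truthy to wrap string literals in " instead of ' (optional)
//
// Returns a string: for modes 0-4 a JavaScript expression that evaluates to Source,
// for mode 5 (and any unrecognised mode, as before) the bare %XX-encoded text.
//
// Each hex value is zero-padded: toString(16) alone produced "%a" / "\xa" / "%u00a"
// for control characters such as newline, which unescape() leaves undecoded and which
// is a syntax error inside a JS string literal. Units above 0xff (non-Latin-1 text)
// no longer overflow the two-digit forms either.
function encodeString(Source, Mode, DoubleQuotes) {
    var quote = DoubleQuotes ? '"' : '\'';
    var mode = Number(Mode);                       // "2" from the form must compare equal to 2
    var src = Source == null ? '' : String(Source);

    // Left-pad the hex form of a code unit to a fixed width.
    var hex = function (code, width) {
        var h = code.toString(16);
        while (h.length < width) h = '0' + h;
        return h;
    };

    if (mode === 1)
        return 'unescape(' + quote + escape(src) + quote + ')';

    if (mode === 0) {
        var codes = [];
        for (var i = 0; i < src.length; i++)
            codes.push(src.charCodeAt(i));
        return 'String.fromCharCode(' + codes.join(',') + ')';
    }

    var e = '';
    for (var x = 0; x < src.length; x++) {
        var code = src.charCodeAt(x);
        if (mode === 3) {
            e += '%u' + hex(code, 4);
        } else if (mode === 4) {
            // \xXX holds one byte; anything wider needs the \uXXXX literal form
            e += code > 0xff ? '\\u' + hex(code, 4) : '\\x' + hex(code, 2);
        } else {
            // modes 2 and 5 (and unknown modes): %XX. Units above 0xff cannot fit a single
            // %XX, so the %uXXXX form that unescape() understands is used; note that this is
            // not standard URL encoding and a server-side decoder will not expand it.
            e += code > 0xff ? '%u' + hex(code, 4) : '%' + hex(code, 2);
        }
    }

    if (mode === 2 || mode === 3)
        return 'unescape(' + quote + e + quote + ')';
    if (mode === 4)
        return quote + e + quote;
    return e;
}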

// Recompute the three output boxes from the current form state.
//
// Wired to the page's onkeyup/onclick handlers. Reads the "decode" and "call"
// radio groups and the five input textareas by id, and writes #encodedJsText,
// #partialUrlEncodeText and #urlEncodeText. Needs jQuery ($) and encodeString()
// from this file; the decode radio value is passed to encodeString() as-is.
function updateTextAreas() {
    var readBox = function(id) { return $('#' + id).val(); };

    var source = readBox('codeText');
    var decodeMode = $("input[name='decode']:checked").val();
    var returnCall = $("input[name='call']:checked").val();

    // Payload = encoded code, wrapped in the chosen call (a radio is always selected,
    // so the guard only matters if the form is changed).
    var payload = encodeString(source, decodeMode);
    if (returnCall) {
        payload = returnCall + '(' + payload + ');';
    }
    payload = readBox('vectorPrefixText') + payload + readBox('vectorSuffixText');

    // URL prefix/suffix are left untouched; only the vector between them is encoded.
    var prefix = readBox('urlPrefixText');
    var suffix = readBox('urlSuffixText');
    var inUrl = function(vector) { return prefix + vector + suffix; };

    $('#encodedJsText').val(inUrl(payload));
    $('#partialUrlEncodeText').val(inUrl(escape(payload)));   // escape() keeps A-Z a-z 0-9 @*_+-./ bare
    $('#urlEncodeText').val(inUrl(encodeString(payload, 5))); // mode 5: per-character %XX
}


 