byteme.py
Hello guys,
Just curious to know if you would like to include this tool I made into bt.
Why was this tool created?
One day I did a pentest that required me to bypass some filters and I failed to understand some encoding tricks. I decided to spend the time and research UTF8 and built a tool based on that knowledge.
What does it do?
byteme.py is a tool to encode ASCII characters in different formats so that a pentester can possibly bypass a WAF or specific application filters.
Who would use it?
This tool is specifically designed for the manual pentester targeting a web application with a known flaw and trying to bypass WAFs/filters.
Example:
Code:
[mr_me@pluto utf8]$ ./byteme.py
---------------------------------------
/ / __ __/ /____ __ _ ___
/ _ \/ // / __/ -_) ' \/ -_) 0x00 _
/_.__/\_, /\__/\__/_/_/_/\__/ 0x7f
/___/
---------------------------------------
the ascii payload encoder (<=0x7f)
written by 0x53746576656e205365656c6579
Usage: ./byteme.py [<options>] -s [true string] -t [target] -d [directory]
Example 1: ./byteme.py -s '<script>'
Example 2: ./byteme.py -H 00
Options:
-h, --help show this help message and exit
-s STRING Specify an ASCII string value to encode
-H HEX Specify a Hex character to encode
[mr_me@pluto utf8]$ ./byteme.py -s "<script>"
---------------------------------------
/ / __ __/ /____ __ _ ___
/ _ \/ // / __/ -_) ' \/ -_) 0x00 _
/_.__/\_, /\__/\__/_/_/_/\__/ 0x7f
/___/
---------------------------------------
the ascii payload encoder (<=0x7f)
written by 0x53746576656e205365656c6579
(+) Encoding string value '<script>'
-----------[ Encoding results ]-----------
(+) Standard hex: %3c%73%63%72%69%70%74%3e
(+) Double percent: %253c%2573%2563%2572%2569%2570%2574%253e
(+) Double nibble: %%33%63%%37%33%%36%33%%37%32%%36%39%%37%30%%37%34%%33%65
(+) First nibble: %%33c%%373%%363%%372%%369%%370%%374%%33e
(+) Second nibble: %3%63%7%33%6%33%7%32%6%39%7%30%7%34%3%65
(+) UTF-8 2 byte: %c0%bc%c1%b3%c1%a3%c1%b2%c1%a9%c1%b0%c1%b4%c0%be
(+) UTF-8 3 byte: %e0%80%bc%e0%81%b3%e0%81%a3%e0%81%b2%e0%81%a9%e0%81%b0%e0%81%b4%e0%80%be
(+) UTF-8 4 byte: %f0%80%80%bc%f0%80%81%b3%f0%80%81%a3%f0%80%81%b2%f0%80%81%a9%f0%80%81%b0%f0%80%81%b4%f0%80%80%be
[mr_me@pluto utf8]$
Download: http://net-ninja.net/blog/wp-content...byteme.py_.txt
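Added example, not part of the thread or of byteme.py: a defender-side canonicalizer that undoes the encoding variants listed in the output above before a filter inspects the input, and reports which evasive forms it saw. Standard Python `bytes.decode("utf-8")` simply rejects the overlong sequences (e.g. `%c0%bc`), so the block decodes UTF-8 by hand the way a permissive parser would and flags any sequence that is longer than the code point needs. The sample strings are copied from the thread's own `<script>` output; the function names and the round limit are my own choices.

```python
"""Canonicalize percent-encoded input and flag evasive encodings.

Added example (not byteme.py's code). The sample payloads at the bottom are
copied from the thread's output for the string '<script>'.
"""
import re

PCT = re.compile(r"%([0-9A-Fa-f]{2})")
MAX_ROUNDS = 3  # assumption: more than 3 nested layers is itself suspicious


def pct_decode_once(s: str) -> bytes:
    """Decode one layer of %XX escapes into raw bytes.

    A '%' not followed by two hex digits is kept literally, which is what turns
    the tool's 'double nibble' / 'first nibble' / 'second nibble' variants
    (e.g. '%%33%63') back into an ordinary '%3c' for the next round.
    """
    out = bytearray()
    i = 0
    while i < len(s):
        m = PCT.match(s, i)
        if m:
            out.append(int(m.group(1), 16))
            i = m.end()
        else:
            out += s[i].encode("utf-8")
            i += 1
    return bytes(out)


def lenient_utf8(data: bytes):
    """Decode UTF-8 as a permissive parser would, accepting overlong forms.

    Returns (text, overlong_seen). Strict UTF-8 requires the shortest encoding
    for every code point; a 2/3/4-byte sequence that yields a code point below
    0x80 / 0x800 / 0x10000 is overlong and is exactly what a filter bypass
    relies on. Malformed bytes become U+FFFD and are skipped one byte at a time.
    """
    chars = []
    overlong = False
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            cp, n = b, 1
        elif 0xC0 <= b < 0xE0:
            cp, n = b & 0x1F, 2
        elif 0xE0 <= b < 0xF0:
            cp, n = b & 0x0F, 3
        elif 0xF0 <= b < 0xF8:
            cp, n = b & 0x07, 4
        else:  # stray continuation byte or invalid lead byte
            chars.append("\ufffd")
            i += 1
            continue
        tail = data[i + 1:i + n]
        if len(tail) != n - 1 or any(not (0x80 <= c < 0xC0) for c in tail):
            chars.append("\ufffd")
            i += 1
            continue
        for c in tail:
            cp = (cp << 6) | (c & 0x3F)
        if n > 1 and cp < (0x80, 0x800, 0x10000)[n - 2]:
            overlong = True
        chars.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += n
    return "".join(chars), overlong


def canonicalize(s: str):
    """Return (canonical_text, findings) for one request parameter value.

    Percent-decoding is repeated while the result still contains %XX escapes,
    up to MAX_ROUNDS; each extra layer is reported as double encoding. A filter
    should match its rules against canonical_text, never against s.
    """
    findings = []
    current = s
    for _ in range(MAX_ROUNDS):
        text, overlong = lenient_utf8(pct_decode_once(current))
        if overlong:
            findings.append("overlong-utf8")
        if not PCT.search(text):
            break
        findings.append("double-percent-encoding")
        current = text
    else:
        findings.append("encoding-depth-exceeded")
    return text, sorted(set(findings))


if __name__ == "__main__":
    # Sample values copied from the thread's output for '<script>'.
    samples = {
        "Standard hex": "%3c%73%63%72%69%70%74%3e",
        "Double percent": "%253c%2573%2563%2572%2569%2570%2574%253e",
        "Double nibble": "%%33%63%%37%33%%36%33%%37%32%%36%39%%37%30%%37%34%%33%65",
        "UTF-8 2 byte": "%c0%bc%c1%b3%c1%a3%c1%b2%c1%a9%c1%b0%c1%b4%c0%be",
    }
    for name, value in samples.items():
        print(f"{name:15} -> {canonicalize(value)}")
```

Every variant in the thread's output collapses to the same `<script>` once normalized, and the findings list tells the operator why a request that looked harmless before decoding should be treated as evasive. A filter that inspects the raw, undecoded parameter is the weakness the tool exploits; inspecting the canonical form (and rejecting or logging overlong UTF-8 outright) closes it.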
-
Re: byteme.py
So quick question, is this for use in conjunction with manual SQLi, and bypassing WAF?
i.e. WAF is clearly in place so you can encode the statements you wish to use with one of these types of encoding, to bypass the WAF?
Thanks a lot!