hURL - hexadecimal & URL encoder + decoder

while working on the PWB online course, I kept running into the need to do HEX and URL encoding/decoding. I asked on the #offsec iRC channel for a tool in BackTrack to do this, and it was suggested to make use of perl. after a while it became a little cumbersome to use perl one-liners, so I created this perl script to help out. figured I'd share it with others :D it takes input from the command-line, or from a file. anytime something is ENcoded, the output is placed all on a single line (think file uploads via SQL injection, etc). feel free to leave comments or suggestions

it can be grabbed from here => github
git clone git://github.com/fnord0/hURL.git

code is too long now to paste here =(

Code:

.::[ hURL - hexadecimal & URL (en/de)coder v2.1 ]::. USAGE: ./hURL [ -flag|--flag ] [ -f <file1>,<file2> ] [ string ] COMMAND LINE ARGUMENTS -M|--menu => Menu-driven GUI ; ./hURL -M -U|--URL => URL encode ; ./hURL -U "hello world" -u|--url => uRL decode ; ./hURL -u "hello%20world" -D|--DURL => Double URL encode ; ./hURL -D "hello world" -d|--durl => double URL decode ; ./hURL -d "hello%2520world" -B|--BASE64 => Base64 encode ; ./hURL -B "hello world" -b|--base64 => base64 decode ; ./hURL -b "aGVsbG8gd29ybGQ=" -H|--HTML => HTML encode ; ./hURL -H "<hello world>" -h|--html => hTML decode ; ./hURL -h "<hello world>" -X|--HEX => ascii -> heX ; ./hURL -X "hello world" -x|--hex => hex -> ascii ; ./hURL -x "68656c6c6f20776f726c64" --esc :: output in escaped string ; "\x00\x01\x02\x03 ..." --pair :: output in hexpair format ; 00010203 ... -I|--INT => Int -> hex ; ./hURL -I "10" -i|--int => hex -> int ; ./hURL -i "0xa" -n|--nint => -int -> hex ; ./hURL -n -- -77 -N|--NHEX => -hex -> iNt ; ./hURL -N 0xffffffb3 -T|--INTB => inT -> bin ; ./hURL -T 30 -t|--bint => bin -> int ; ./hURL -t 1010 -F|--FLOATH => Float -> hex ; ./hURL -F 3.33 -l|--hfloat => hex -> float ; ./hURL -l 0x40551ed8 -o|--octh => octal -> hex ; ./hURL -o 35 -O|--HOCT => hex -> Octal ; ./hURL -O 0x12 -0|--binh => bin -> hex ; ./hURL -0 1100011 -1|--hexb => hex -> bin ; ./hURL -1 0x63 -2|--SHA1 => SHA1 checksum ; ./hURL -2 "hello world" -3|--SHA224 => SHA224 checksum ; ./hURL -3 "hello world" -4|--SHA256 => SHA256 checksum ; ./hURL -4 "hello world" -5|--SHA384 => SHA384 checksum ; ./hURL -5 "hello world" -6|--SHA512 => SHA512 checksum ; ./hURL -6 "hello world" -7|--ROT13 => ROT13 encode ; ./hURL -7 "hello world" -8|--rot13 => ROT13 decode ; ./hURL -8 "uryyb jbeyq" -9|--stack => push string 2 stack (corelan); ./hURL -9 "hello world" --esc :: output in escaped string ; "\x00\x01\x02\x03 ..." --pair :: output in hexpair format ; 00010203 ... --ansiC :: output in C format ; 0x00, 0x01, 0x02, 0x03 ... -m|--md5 => md5 digest ; ./hURL -m "hello world" -e|--net => int -> hex (net-byte order) ; ./hURL -e 4444 -E|--NET => hex (nEt-byte order) -> int ; ./hURL -E 5c11 -w|--wbin => hex [file] -> binary [file] ; ./hURL -w -f <INfile> <OUTfile> -r|--rbin => binary [file] -> hex (corelan); ./hURL -r -f /tmp/msgbox.bin --esc :: output in escaped string ; "\x00\x01\x02\x03 ..." --pair :: output in hexpair format ; 00010203 ... --ansiC :: output in C format ; 0x00, 0x01, 0x02, 0x03 ... --color|--nocolor => enable/disable colored output [default is ENABLED] --corelan => display corelan reference --help => displays help --man => displays extended help with examples --version => displays version information -s => suppress (display result only) -f|--file <file1>,<file2> => use file(s) as input [string] => string as input

Re: hURL - hexadecimal & URL encoder + decoder

Nice I can't wait to try it out. I don't know how many times I've had the exact same idea. I even starting coding a script in python and never got around to finishing it. Maybe this will inspire me to get it done.

Re: hURL - hexadecimal & URL encoder + decoder

UPDATED to v1.2 => added md5 digest capability, plus 'base64' and 'HTML' encode & decode options ;)
UPDATED to v1.3 => added "-s" suppress (minimal mode). combine with other tools (i.e. msfvenom)

Re: hURL - hexadecimal & URL encoder + decoder

I need to decode URL twice. Is there a way I can pipe the output back into another hURL command?
Something like this?

Code:

hURL -d -f urlencodedfile.log | hURL -d | less

Re: hURL - hexadecimal & URL encoder + decoder

natecitrix, I'm thinking u could use bash to accomplish yr desired results, just make sure your current shell is a bash shell (which is default in backtrack) and make use of the suppression command-line switch in hURL ;;

Code:

# RESULT=$(hURL -sdf urlencodedfile.log)| hURL -sd "$RESULT"

obviously u can throw a "| less" command at the end if u like, let me know if this works for you - or if u would like me to add any specific feature to hURL. thanks for your post!-

-fnord0

Re: hURL - hexadecimal & URL encoder + decoder

UPDATED to v2.0 => added SHA1/224/256/384/512 + MANY CHANGES, script becomes similar in vein to radare's rax(2) base conversion tool.

working on the offsec CTP test, and alot more with shellcode had me seeking out more conversion tools... rax(2) from radare is such a great app, and has many conversions I've been using, I figured why not implement alot of the rax(2) functionality into this script + many other options. which brings this script to today ::

feel free to use/copy/comment, thanks

hURL can be grabbed from here => github

git clone git://github.com/fnord0/hURL.git

/fnord0

Code:

.::[ hURL - hexadecimal & URL (en/de)coder v2.0 ]::. USAGE: ./hURL [U|u|B|b|H|h|X|x|I|i|n|N|T|t|F|l|o|O|0|1|2|3|4|5|6|m|e|E] [-s] [string|-f <filename>] COMMAND LINE ARGUMENTS -U => URL encode ; ./hURL -U "hello world" -u => uRL decode ; ./hURL -u "hello world" -B => Base64 encode ; ./hURL -B "hello world" -b => base64 decode ; ./hURL -b "aGVsbG8gd29ybGQ=" -H => HTML encode ; ./hURL -H "<hello world>" -h => hTML decode ; ./hURL -h "<hello world>" -X => ascii -> heX ; ./hURL -X "hello world" -x => hex -> ascii ; ./hURL -x "68656c6c6f20776f726c64" -I => Int -> hex ; ./hURL -I "10" -i => hex -> int ; ./hURL -i "0xa" -n => -int -> hex ; ./hURL -n -- -77 -N => -hex -> iNt ; ./hURL -N 0xffffffb3 -T => inT -> bin ; ./hURL -T 30 -t => bin -> int ; ./hURL -t 1010 -F => Float -> hex ; ./hURL -F 3.33 -l => hex -> flloat ; ./hURL -l 0x40551ed8 -o => octal -> hex ; ./hURL -o 35 -O => hex -> Octal ; ./hURL -O 0x12 -0 => bin -> hex ; ./hURL -0 1100011 -1 => hex -> bin ; ./hURL -1 0x63 -2 => SHA1 checksum ; ./hURL -2 "hello world" -3 => SHA224 checksum ; ./hURL -3 "hello world" -4 => SHA256 checksum ; ./hURL -4 "hello world" -5 => SHA384 checksum ; ./hURL -5 "hello world" -6 => SHA512 checksum ; ./hURL -6 "hello world" -m => md5 digest ; ./hURL -m "hello world" -e => int -> hex (network-byte order) ; ./hURL -e 4444 -E => hex (nEtwork-byte order) -> int ; ./hURL -E 5c11 -s => suppress (display result only) -f <filename> => use a file as input, instead of a string on the command-line --help => displays help --version => displays version information EXAMPLES: ./hURL -b -s "aGVsbG8gd29ybGQ=" ./hURL -X -f /var/www/meterpreter.php

Re: hURL - hexadecimal & URL encoder + decoder

updated to v2.1 - MANY changes have been implemented, anyone interested can always grab a copy from github

git clone git://github.com/fnord0/hURL.git

Code:

:: hURL CHANGELOG :: 05202012 => Peter Van Eeckhoutte/corelanc0d3r push string to stack function added (source: http://corelan.be|pvePushString.pl) - slight modifications 05202012 => Getopt::Long for better command-line support 05202012 => --man option for extended documentation done using Pod::Usage 05202012 => color|nocolor optional support added 05212012 => multi-file support (-f <file1>,<file2>) + bundling of multi-file && string on cmdline (-f <file1> -f <file2> "hello world") 05272012 => rotate13/ROT13 encode + decode 06022012 => sting2stack output formats added: ansiC format, escaped string, hexpairs format 06022012 => ascii -> hex output formats added: escaped string, hexpairs 06022012 => corelan reference added: adopted from https://redmine.corelan.be/projects/corelanart/ 07082012 => Peter Van Eeckhoutte/corelanc0der readbin function added (source: http://corelan.be|pveReadbin.pl) - slight modifications 07082012 => Peter Van Eeckhoutte/corelanc0der inspired writebin function added (source: http://corelan.be|pveWritebin.pl) 07082012 => added double URL encode + decode function 07112012 => added a menu-driven interface, inspired by SET and WebSploit Toolkit

PS: I did indeed incorporate code from corelan/peter and want to say I didn't just copy+paste, but actually made some modifications -- imho improvements ;) -- to his scripts. fact being studying for the OSCE test has had me going over nearly all the corelan exploit tutorials and I found myself using his code so often, I figured why not merge it into this kinda all-in-one tool. within this script I have given proper attribution to all peter's code, and have even gone so far as to contacting him via #corelan chat on freenode to get his blessing to re-use his code from pveReadbin.pl/pveWritebin.pl/pvePushString.pl (if he reads this, THANK YOU AGAIN!)

my primary reason for posting this here, is that Im thinking most people who are going to be utilizing the OffSec courses may be the ones who could benefit from this tool the most =) if not, hey, no harm, no foul. (that's the intention at least, heh)

most of all, this tool has been a time saver for me and my studying, and has helped me learn to program new things with perl.

@b333f thanks much for the kind words! sorry for the late reply, Ive been all sorts of busy lately

/fnord0