Results 1 to 7 of 7

Thread: hURL - hexadecimal & URL encoder + decoder

  1. #1
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Post hURL - hexadecimal & URL encoder + decoder

    while working on the PWB online course, I kept running into the need to do HEX and URL encoding/decoding. I asked on the #offsec iRC channel for a tool in BackTrack to do this, and it was suggested to make use of perl. after a while it became a little cumbersome to use perl one-liners, so I created this perl script to help out. figured I'd share it with others it takes input from the command-line, or from a file. anytime something is ENcoded, the output is placed all on a single line (think file uploads via SQL injection, etc). feel free to leave comments or suggestions

    it can be grabbed from here => github
    git clone git://github.com/fnord0/hURL.git
    code is too long now to paste here =(

    Code:
    .::[ hURL - hexadecimal & URL (en/de)coder v2.1 ]::.
      USAGE: ./hURL [ -flag|--flag ] [ -f <file1>,<file2> ] [ string ]
    
      COMMAND LINE ARGUMENTS
       -M|--menu   => Menu-driven GUI        ;  ./hURL -M
       -U|--URL    => URL encode             ;  ./hURL -U "hello world"
       -u|--url    => uRL decode             ;  ./hURL -u "hello%20world"
       -D|--DURL   => Double URL encode      ;  ./hURL -D "hello world"
       -d|--durl   => double URL decode      ;  ./hURL -d "hello%2520world"
       -B|--BASE64 => Base64 encode          ;  ./hURL -B "hello world"
       -b|--base64 => base64 decode          ;  ./hURL -b "aGVsbG8gd29ybGQ="
       -H|--HTML   => HTML encode            ;  ./hURL -H "<hello world>"
       -h|--html   => hTML decode            ;  ./hURL -h "&lt;hello world&gt;"
       -X|--HEX    => ascii ->  heX          ;  ./hURL -X "hello world"
       -x|--hex    => hex   ->  ascii        ;  ./hURL -x "68656c6c6f20776f726c64"
        --esc   :: output in escaped string        ; "\x00\x01\x02\x03 ..."
        --pair  :: output in hexpair format        ; 00010203 ...
       -I|--INT    => Int   ->  hex          ;  ./hURL -I "10"
       -i|--int    => hex   ->  int          ;  ./hURL -i "0xa"
       -n|--nint   => -int  ->  hex          ;  ./hURL -n -- -77
       -N|--NHEX   => -hex  ->  iNt          ;  ./hURL -N 0xffffffb3
       -T|--INTB   => inT   ->  bin          ;  ./hURL -T 30
       -t|--bint   => bin   ->  int          ;  ./hURL -t 1010
       -F|--FLOATH => Float ->  hex          ;  ./hURL -F 3.33
       -l|--hfloat => hex   ->  float        ;  ./hURL -l 0x40551ed8
       -o|--octh   => octal ->  hex          ;  ./hURL -o 35
       -O|--HOCT   => hex   ->  Octal        ;  ./hURL -O 0x12
       -0|--binh   => bin   ->  hex          ;  ./hURL -0 1100011
       -1|--hexb   => hex   ->  bin          ;  ./hURL -1 0x63
       -2|--SHA1   => SHA1 checksum          ;  ./hURL -2 "hello world"
       -3|--SHA224 => SHA224 checksum        ;  ./hURL -3 "hello world"
       -4|--SHA256 => SHA256 checksum        ;  ./hURL -4 "hello world"
       -5|--SHA384 => SHA384 checksum        ;  ./hURL -5 "hello world"
       -6|--SHA512 => SHA512 checksum        ;  ./hURL -6 "hello world"
       -7|--ROT13  => ROT13 encode           ;  ./hURL -7 "hello world"
       -8|--rot13  => ROT13 decode           ;  ./hURL -8 "uryyb jbeyq"
       -9|--stack  => push string 2 stack (corelan);  ./hURL -9 "hello world"
        --esc   :: output in escaped string        ; "\x00\x01\x02\x03 ..."
        --pair  :: output in hexpair format        ; 00010203 ...
        --ansiC :: output in C format              ; 0x00, 0x01, 0x02, 0x03 ...
       -m|--md5    => md5 digest             ;  ./hURL -m "hello world"
       -e|--net    => int -> hex (net-byte order)   ;  ./hURL -e 4444
       -E|--NET    => hex (nEt-byte order) ->  int  ;  ./hURL -E 5c11
       -w|--wbin   => hex [file] -> binary [file]   ;  ./hURL -w -f <INfile> <OUTfile>
       -r|--rbin   => binary [file] -> hex (corelan);  ./hURL -r -f /tmp/msgbox.bin
        --esc   :: output in escaped string        ; "\x00\x01\x02\x03 ..."
        --pair  :: output in hexpair format        ; 00010203 ...
        --ansiC :: output in C format              ; 0x00, 0x01, 0x02, 0x03 ...
    
       --color|--nocolor  => enable/disable colored output [default is ENABLED]
       --corelan          => display corelan reference
       --help             => displays help
       --man              => displays extended help with examples
       --version          => displays version information
    
       -s                           => suppress (display result only)
       -f|--file <file1>,<file2>    => use file(s) as input
       [string]                     => string as input
    Last edited by fnord0; 07-14-2012 at 11:13 PM. Reason: updated to v2.1
    'see the fnords!'

  2. #2
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: hURL - hexadecimal & URL encoder + decoder

    Nice I can't wait to try it out. I don't know how many times I've had the exact same idea. I even starting coding a script in python and never got around to finishing it. Maybe this will inspire me to get it done.

  3. #3
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default Re: hURL - hexadecimal & URL encoder + decoder

    UPDATED to v1.2 => added md5 digest capability, plus 'base64' and 'HTML' encode & decode options
    UPDATED to v1.3 => added "-s" suppress (minimal mode). combine with other tools (i.e. msfvenom)
    Last edited by fnord0; 06-18-2011 at 11:30 PM.
    'see the fnords!'

  4. #4
    Just burned his ISO
    Join Date
    Aug 2011
    Posts
    1

    Default Re: hURL - hexadecimal & URL encoder + decoder

    I need to decode URL twice. Is there a way I can pipe the output back into another hURL command?
    Something like this?
    Code:
    hURL -d -f urlencodedfile.log | hURL -d | less

  5. #5
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default Re: hURL - hexadecimal & URL encoder + decoder

    natecitrix, I'm thinking u could use bash to accomplish yr desired results, just make sure your current shell is a bash shell (which is default in backtrack) and make use of the suppression command-line switch in hURL ;;

    Code:
    # RESULT=$(hURL -sdf urlencodedfile.log)| hURL -sd "$RESULT"

    obviously u can throw a "| less" command at the end if u like, let me know if this works for you - or if u would like me to add any specific feature to hURL. thanks for your post!-

    -fnord0
    Last edited by fnord0; 08-19-2011 at 08:01 AM.
    'see the fnords!'

  6. #6
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default Re: hURL - hexadecimal & URL encoder + decoder

    UPDATED to v2.0 => added SHA1/224/256/384/512 + MANY CHANGES, script becomes similar in vein to radare's rax(2) base conversion tool.

    working on the offsec CTP test, and alot more with shellcode had me seeking out more conversion tools... rax(2) from radare is such a great app, and has many conversions I've been using, I figured why not implement alot of the rax(2) functionality into this script + many other options. which brings this script to today ::

    feel free to use/copy/comment, thanks

    hURL can be grabbed from here => github
    git clone git://github.com/fnord0/hURL.git

    /fnord0

    Code:
    .::[ hURL - hexadecimal & URL (en/de)coder v2.0 ]::.
      USAGE: ./hURL [U|u|B|b|H|h|X|x|I|i|n|N|T|t|F|l|o|O|0|1|2|3|4|5|6|m|e|E] [-s] [string|-f <filename>]
    
        COMMAND LINE ARGUMENTS
        -U     => URL encode        ;  ./hURL -U "hello world"
        -u     => uRL decode        ;  ./hURL -u "hello world"
        -B     => Base64 encode     ;  ./hURL -B "hello world"
        -b     => base64 decode     ;  ./hURL -b "aGVsbG8gd29ybGQ="
        -H     => HTML encode       ;  ./hURL -H "<hello world>"
        -h     => hTML decode       ;  ./hURL -h "&lt;hello world&gt;"
        -X     => ascii ->  heX     ;  ./hURL -X "hello world"
        -x     => hex   ->  ascii   ;  ./hURL -x "68656c6c6f20776f726c64"
        -I     => Int   ->  hex     ;  ./hURL -I "10"
        -i     => hex   ->  int     ;  ./hURL -i "0xa"
        -n     => -int  ->  hex     ;  ./hURL -n -- -77
        -N     => -hex  ->  iNt     ;  ./hURL -N 0xffffffb3
        -T     => inT   ->  bin     ;  ./hURL -T 30
        -t     => bin   ->  int     ;  ./hURL -t 1010
        -F     => Float ->  hex     ;  ./hURL -F 3.33
        -l     => hex   ->  flloat  ;  ./hURL -l 0x40551ed8
        -o     => octal ->  hex     ;  ./hURL -o 35
        -O     => hex   ->  Octal   ;  ./hURL -O 0x12
        -0     => bin   ->  hex     ;  ./hURL -0 1100011
        -1     => hex   ->  bin     ;  ./hURL -1 0x63
        -2     => SHA1 checksum     ;  ./hURL -2 "hello world"
        -3     => SHA224 checksum   ;  ./hURL -3 "hello world"
        -4     => SHA256 checksum   ;  ./hURL -4 "hello world"
        -5     => SHA384 checksum   ;  ./hURL -5 "hello world"
        -6     => SHA512 checksum   ;  ./hURL -6 "hello world"
        -m     => md5 digest        ;  ./hURL -m "hello world"
        -e     => int -> hex (network-byte order)    ;  ./hURL -e 4444
        -E     => hex (nEtwork-byte order) ->  int   ;  ./hURL -E 5c11
    
        -s               => suppress (display result only)
        -f <filename>    => use a file as input, instead of a string on the command-line
        --help           => displays help
        --version        => displays version information
    
            EXAMPLES:  ./hURL -b -s "aGVsbG8gd29ybGQ="
                       ./hURL -X -f /var/www/meterpreter.php
    Last edited by fnord0; 04-30-2012 at 04:27 AM.
    'see the fnords!'

  7. #7
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default Re: hURL - hexadecimal & URL encoder + decoder

    updated to v2.1 - MANY changes have been implemented, anyone interested can always grab a copy from github
    git clone git://github.com/fnord0/hURL.git

    Code:
    :: hURL CHANGELOG ::
    05202012 => Peter Van Eeckhoutte/corelanc0d3r push string to stack function added (source: http://corelan.be|pvePushString.pl) - slight modifications
    05202012 => Getopt::Long for better command-line support
    05202012 => --man option for extended documentation done using Pod::Usage
    05202012 => color|nocolor optional support added
    05212012 => multi-file support (-f <file1>,<file2>)  +  bundling of multi-file && string on cmdline (-f <file1> -f <file2> "hello world")
    05272012 => rotate13/ROT13 encode + decode
    06022012 => sting2stack output formats added: ansiC format, escaped string, hexpairs format
    06022012 => ascii -> hex output formats added: escaped string, hexpairs
    06022012 => corelan reference added: adopted from https://redmine.corelan.be/projects/corelanart/
    07082012 => Peter Van Eeckhoutte/corelanc0der readbin function added (source: http://corelan.be|pveReadbin.pl) - slight modifications
    07082012 => Peter Van Eeckhoutte/corelanc0der inspired writebin function added (source: http://corelan.be|pveWritebin.pl)
    07082012 => added double URL encode + decode function
    07112012 => added a menu-driven interface, inspired by SET and WebSploit Toolkit
    PS: I did indeed incorporate code from corelan/peter and want to say I didn't just copy+paste, but actually made some modifications -- imho improvements -- to his scripts. fact being studying for the OSCE test has had me going over nearly all the corelan exploit tutorials and I found myself using his code so often, I figured why not merge it into this kinda all-in-one tool. within this script I have given proper attribution to all peter's code, and have even gone so far as to contacting him via #corelan chat on freenode to get his blessing to re-use his code from pveReadbin.pl/pveWritebin.pl/pvePushString.pl (if he reads this, THANK YOU AGAIN!)

    my primary reason for posting this here, is that Im thinking most people who are going to be utilizing the OffSec courses may be the ones who could benefit from this tool the most =) if not, hey, no harm, no foul. (that's the intention at least, heh)

    most of all, this tool has been a time saver for me and my studying, and has helped me learn to program new things with perl.

    @b333f thanks much for the kind words! sorry for the late reply, Ive been all sorts of busy lately

    /fnord0
    Last edited by fnord0; 07-17-2012 at 05:21 AM.
    'see the fnords!'

Similar Threads

  1. PWNtcha - captcha decoder
    By firebits in forum Tool Requests
    Replies: 0
    Last Post: 03-04-2011, 05:48 PM
  2. Shellcode doesnt do what its supposed to! (on any encoder)
    By b3r00tb4ck in forum OLD Pentesting
    Replies: 3
    Last Post: 09-22-2009, 10:20 AM
  3. lzma: Decoder error+wpa_psk-h1kari_renderman
    By Jano in forum OLD General IT Discussion
    Replies: 1
    Last Post: 02-22-2009, 09:06 PM
  4. did somebody test Xplico -Internet Traffic Decoder?
    By abyss in forum OLD General IT Discussion
    Replies: 1
    Last Post: 11-17-2008, 10:06 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •