Landing Encoder

Mon Aug 18 2014 09:01:24 GMT+0100 (EEST)

Most of you are already familiar with Websecurify Arena, the Swiss army knife for doing almost anything you can think of with data. It is a powerful and versatile tool, but you need to master a bit of programming to use it; it is not point-and-click, so to speak. Never mind that, because we now have a newcomer that will make your life much easier when it comes to encoding and decoding data in various formats.

[Screenshot: Websecurify Suite Encoder]

The Encoder is a very simple and intuitive tool, which you can use to convert data from one format into another. Moreover, you can chain different formats and encode or decode the data live, as you type. The following formats are currently supported:

  • Base64
  • URL encoding
  • HTML entity encoding
  • Punycode
  • Hashing (md5, sha1, sha256)
  • Hexdump

Additional formats will be introduced soon. The plan is to add Inflate, Deflate, Gzip and Gunzip in the upcoming version.

Here are a few interesting ways you can make use of the Encoder.

Case Study 01 - Calculating Session Id Live

Imagine that we need to figure out the session Id for a user. We know how the hash is constructed but we want to experiment with the data in order to figure out the exact value. Here is a screenshot of how we set up the Encoder to achieve the desired result.

[Screenshot: Websecurify Suite Encoder]

Case Study 02 - Decoding Binary Data

The application expects a value in base64 format. We want to decode the value and print it in hexdump format in order to analyze the individual bytes. This is how this particular setup will look in the Encoder.

[Screenshot: Websecurify Suite Encoder]

Case Study 03 - Sharing Encoder Flow

Imagine that we are working with the Encoder and we think we finally got the chain of conversions we need in order to achieve the desired effect. Now we need to tell the world how we did it. We can use the Encoder sharing function as illustrated in the screenshot below.

[Screenshot: Websecurify Suite Encoder]

In Conclusion

As you can see, the Encoder is very versatile and easy to use. Moreover, it is 100% free. It is available online but it works in offline mode too. You don't have to be connected to use the tool - like all other Suite tools.

The Encoder can be used during your penetration tests, development workflows and wherever else you see fit. You can easily share encoder configurations on your wiki or by email between team members. It is a tool designed to be shared.

As usual, we will be delighted to get your feedback. Also, do not hesitate to get in touch if you find bugs or if you would like us to make certain improvements that will make the tool a better fit for your needs.
