Your Next ENcoder

Now With A Text Builder

Thu Feb 09 2017 14:09:14 GMT+0000 (GMT)

The ENcoder is a very useful tool for breaking down complex chains of encapsulated data, for example when you need to decode a Base64 string, parse it somehow and create a SHA256 hash of the output, all dynamically.

Traditionally, the ENcoder works with a sequence of steps, where each step is generated by one of the available transforms. This typically provides enough flexibility for most cases, but there are situations where it is simply not enough. This is why you can now not only sequence transforms, as you typically would, but also use our powerful text building system, which lets you apply transforms inside the original input. This makes it easy to generate very powerful transformations that go beyond the single dimension traditionally achieved with this tool.

The following example, although rather trivial, illustrates how powerful this feature is.

In the screenshot above we are decoding a Base64 string representing a Basic Auth username and password. The string was built with a dynamic value generated by an inner text transform. Useful, but not as cool as what is coming next.

This example is slightly better. We are building a JSON payload which contains a message value produced by a generator and properly escaped for JSON encapsulation. The JSON payload is minified and output as a Python or Ruby string (C/C++ is also supported).

We can see how the message attribute is built by opening up the dynamic value. If you click on the dynamic field, you will be presented with the following levels of encapsulation, as seen in the screenshot below.

Due to the very powerful nature of the text builder, we can employ many of the available features to do some amazing hackery without touching any programming language. Here is an example where an attacker is generating a JWT payload that is signed with the None algorithm. The output value is printed, then decoded and prettified for all to see.

Now this is really cool! It makes JWT hacking a lot easier but we are going to talk about this in the next post.
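The receiving side of the JWT example above, as an added example that is not from the original post or the ENcoder itself: a verifier that decodes and prettifies a token for inspection but only accepts claims when the header names an allowlisted algorithm and the HMAC checks out. The key, the claims, the HS256-only policy and all helper names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

ALLOWED_ALGS = {"HS256"}  # assumption: this service only ever issues HS256 tokens

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect(token):
    """Decode and prettify header and payload WITHOUT trusting either."""
    header_b64, payload_b64, _sig = token.split(".")
    parts = [json.loads(b64url_decode(p)) for p in (header_b64, payload_b64)]
    return json.dumps(parts, indent=2, sort_keys=True)

def verify(token, key):
    """Return the claims only if the token is HS256-signed with `key`."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # The header is attacker-controlled: compare alg to an allowlist and
    # never let it select the verification routine. This rejects "none",
    # "None", "NONE" and anything else the service did not issue.
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm {alg!r} not allowed")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def make_sample(header, claims, key=None):
    """Build a constructed sample token; key=None leaves the signature empty."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if key else b""
    return f"{signing_input}.{b64url_encode(sig)}"

if __name__ == "__main__":
    unsigned = make_sample({"alg": "none", "typ": "JWT"}, {"sub": "admin"})
    print(inspect(unsigned))  # readable by anyone, accepted by no one
```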

As you can see, this subtle change will take your hacking skills to the next level. We are sure of it. It certainly makes my life easier when hunting for interesting bugs. For more updates, simply follow us on Twitter. More awesome stuff is coming very soon!
