Converts characters from one encoding to another using a transformation. This tool will help you encode payloads in testing sql injections, XSS holes and site security.
Convert the region you selected or convert all characters.
- String <=> Base64, Base32, Base16
- String <=> Hex
- String <=> EncodedURL
- String <=> Encoded URL All Characters
- IPv4 <=> Number
- String => HTML Entities
- String => HTML10
- String => HTML16
- (HTML Entities, HTML10, HTML16) => String
- String => MD5 (32bit, 16bit)
- String => SHA1, SHA224, SHA256, SHA384, SHA512
- String => StringFromCharCode (10 Decimal, 8 Octal, 16 Hex)
- String => PHP CHR (10 Decimal, 8 Octal, 16 Hex)
- String => Python chr (10 Decimal, 8 Octal, 16 Hex)
- String => Oracle CHR (10 Decimal, 8 Octal, 16 Hex)
- String => MySQL CHAR (10 Decimal, 8 Octal, 16 Hex)
- UnChr (StringFromCharCode, CHR, CHAR => String)
- String <=> Rot13
- String <=> Unicode
- String <=> Morse
- String => Bash
- String => PowerShell
- String => Python
- String => Perl
- String => RandomCase
See more at ChangeLog
You can open the command palette by pressing (Ctrl+Shift+P or Cmd+Shift+P on Mac), type xssencode and choice your action.
- String <=> Base64
eg:
a1@& <=> YTFAJg== - String <=> Base32
eg:
a1@& <=> MEYUAJQ= - String <=> Base16
eg:
abc <=> 616263 - String <=> Hex
eg:
abc <=> 616263 - String <=> EncodedURL
eg:
a=b&c=d <=> a%3Db%26c%3Dd - String <=> Encoded URL All Characters
eg:
a=b&c=d <=> %61%3d%62%26%63%3d%64 - IPv4 <=> Number
eg:
192.168.1.1 <=> 3232235777 - String => HTML Entities
eg:
123!@#' => 123!@#' - String => HTML10
eg:
123!@#' => 123!@#' - String => HTML16
eg:
123!@#' => 123!@#' - (HTML Entities, HTML10, HTML16) => String
eg:
123!@#' => 123!@#' 123!@#' => 123!@#' 123!@#' => 123!@#' - String => MD5 (32bit, 16bit)
eg:
123 => 202cb962ac59075b964b07152d234b70 123 => ac59075b964b0715 - String => SHA1, SHA224, SHA256, SHA384, SHA512
eg:
123 => 40bd001563085fc35165329ea1ff5c5ecbdbbeef 123 => 78d8045d684abd2eece923758f3cd781489df3a48e1278982466017f 123 => a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 123 => 9a0a82f0c0cf31470d7affede3406cc9aa8410671520b727044eda15b4c25532a9b5cd8aaf9cec4919d76255b6bfb00f 123 => 3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2 - String => StringFromCharCode (10 Decimal, 8 Octal, 16 Hex)
eg:
abc => String.fromCharCode(97,98,99) abc => String.fromCharCode(0141,0142,0143) abc => String.fromCharCode(0x61,0x62,0x63) - String => PHP CHR (10 Decimal, 8 Octal, 16 Hex)
eg:
abc => ChR(97).ChR(98).cHr(99) abc => ChR(0141).CHR(0142).cHR(0143) abc => chr(0x61).Chr(0x62).CHr(0x63) - String => Python chr (10 Decimal, 8 Octal, 16 Hex)
eg:
abc => chr(97)+chr(98)+chr(99) abc => chr(0141)+chr(0142)+chr(0143) abc => chr(0x61)+chr(0x62)+chr(0x63) - String => Oracle CHR (10 Decimal, 8 Octal, 16 Hex)
eg:
abc => chr(97)||chR(98)||Chr(99) abc => CHR(0141)||cHR(0142)||cHR(0143) abc => cHR(0x61)||ChR(0x62)||chr(0x63) - String => MySQL CHAR (10 Decimal, 8 Octal, 16 Hex)
eg:
abc => CHAr(97,98,99) abc => ChAR(0141,0142,0143) abc => ChAR(0x61,0x62,0x63) - UnChr (StringFromCharCode, CHR, CHAR => String)
eg:
chr(97)+chr(98)+chr(99) => abc ChR(97).CHR(0141).chr(0x61) => aaa - String <=> Rot13
eg:
abc <=> nop - String <=> Unicode
eg:
转为 unicode <=> \u8f6c\u4e3a\u0020\u0075\u006e\u0069\u0063\u006f\u0064\u0065 - String <=> Morse
short =>
.long =>-space =><space>or/
eg:
MORSE电码 <=> -- --- .-. ... . ---.-.-..--.-.- ----..........- --/---/.-./..././---.-.-..--.-.-/----..........- => MORSE电码 - String => Bash/PowerShell/Python/Perl
java.lang.Runtime.exec() Payload Workarounds
ls -al / => bash -c {echo,bHMgLWFsIC8g}|{base64,-d}|{bash,-i} net user => powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc bgBlAHQAIAB1AHMAZQByAA== ls -al / => python -c exec('bmV0IHVzZXJscyAtYWwgLw=='.decode('base64')) ls -al / => perl -MMIME::Base64 -e eval(decode_base64('bmV0IHVzZXJscyAtYWwgLw==')) - String => RandomCase
eg:
phpinfo(); => phPiNfo(); phpinfo(); => PhpINFo();