Hackvertor logo

unicodeTruncation

Converts ASCII characters to characters that end with the hex byte of the character being converted. See https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922

Created by: hackvertor
Installed 1 times

Category: Charsets

Created on: Monday, January 20, 2025 at 9:28:10 AM

Updated on: Tuesday, January 21, 2025 at 2:22:27 PM

This is a built in tag
Tag arguments
[
   {
      "type": "number",
      "help": "Position to start from",
      "defaultValue": "20000"
   },
   {
      "type": "number",
      "help": "Position to end",
      "defaultValue": "30000"
   }
]
Code
class unicodeTruncation {
  encode(input, start, end) {
    return input
      .split("")
      .map((chr) => {
        const codePoint = chr.codePointAt(0);
        if (codePoint > 0x7f) {
          return chr;
        }
        const output = [];
        for (let i = start; i <= end; i++) {
          let hex = i.toString(16).toLowerCase().padStart('0', 6);
          if (hex.endsWith(codePoint.toString(16).toLowerCase().padStart(2, '0'))) {
            output.push(String.fromCodePoint(i));
          }
        }
        return output.join("");
      })
      .join("");
  }
}