Added a script for easy payload obfuscation

2024-10-01 04:35:35 -04:00 · 2019-03-29 11:19:02 +05:30 · 2019-03-29 11:19:02 +05:30 · 40ee2bc005
commit 40ee2bc005
parent 427d13a7b0
2 changed files with 96 additions and 0 deletions
--- a/others/README.md
+++ b/others/README.md
@ -0,0 +1,34 @@
+## [`obfu.py`](https://github.com/0xinfection/awesome-waf/blob/master/other/obfu.py)
+> A small script to encode and obfuscate your payloads easily to your desired encodings.
+
+### Usage:
+```
+$ python obfu.py -h
+
+        OBFUSCTOR
+
+usage: python3 obfu.py [-h] [-s STR] [-e ENC] [-ueo] [-udi]
+
+Required Arguments:
+  -s STR, --str STR  String to obfuscate
+  -e ENC, --enc ENC  Encoding type. eg: ibm037, utf16, etc
+
+Optional Arguments:
+  -ueo               URL Encode Output
+  -udi               URL Decode Input
+```
+### Example Usage:
+```
+python3 obfu.py -s param=<svg/onload=prompt()// -e ibm037 -ueo
+```
+```
+$ python obfu.py -s 'param=<svg/onload=prompt()//' -e ibm037 -ueo
+
+        OBFUSCATOR
+
+Input: param=<svg/onload=prompt()//
+Output: %97%81%99%81%94~L%A2%A5%87a%96%95%93%96%81%84~%97%99%96%94%97%A3M%5Daa
+```
+
+### Sidenote:
+This script can encode in all types of formats which are supported by the Python Engine.
--- a/others/obfu.py
+++ b/others/obfu.py
@ -0,0 +1,62 @@
+import urllib.parse, sys
+from argparse import ArgumentParser
+lackofart = '''
+        OBFUSCATOR
+'''
+
+def paramEncode(params="", charset="", encodeEqualSign=False, encodeAmpersand=False, urlDecodeInput=True, urlEncodeOutput=True):
+    result = ""
+    equalSign = "="
+    ampersand = "&"
+    if '=' and '&' in params:
+        if encodeEqualSign:
+            equalSign = equalSign.encode(charset)
+        if encodeAmpersand:
+            ampersand = ampersand.encode(charset)
+        params_list = params.split("&")
+        for param_pair in params_list:
+            param, value = param_pair.split("=")
+            if urlDecodeInput:
+                param = urllib.parse.unquote(param)
+                value = urllib.parse.unquote(value)
+            param = param.encode(charset)
+            value = value.encode(charset)
+            if urlEncodeOutput:
+                param = urllib.parse.quote_plus(param)
+                value = urllib.parse.quote_plus(value)
+            if result:
+                result += ampersand
+            result += param + equalSign + value
+    else:
+        if urlDecodeInput:
+            params = urllib.parse.unquote(params)
+        result = params.encode(charset)
+        if urlEncodeOutput:
+            result = urllib.parse.quote_plus(result)
+    return result
+
+def main():
+    print(lackofart)
+    parser = ArgumentParser('python3 obfu.py')
+    parser._action_groups.pop()
+
+    # A simple hack to have required arguments and optional arguments separately
+    required = parser.add_argument_group('Required Arguments')
+    optional = parser.add_argument_group('Optional Arguments')
+
+    # Required Options
+    required.add_argument('-s', '--str', help='String to obfuscate', dest='str')
+    required.add_argument('-e', '--enc', help='Encoding type. eg: ibm037, ibm420, etc', dest='enc')
+
+    # Optional Arguments (main stuff and necessary)
+    optional.add_argument('-ueo', help='URL Encode Output', dest='ueo', action='store_true')
+    optional.add_argument('-udi', help='URL Decode Input', dest='udi', action='store_true')
+    args = parser.parse_args()
+    if not len(sys.argv) > 1:
+        parser.print_help()
+        quit()
+    print('Input: %s' % (args.str))
+    print('Output: %s' % (paramEncode(params=args.str, charset=args.enc, urlDecodeInput=args.udi, urlEncodeOutput=args.ueo)))
+
+if __name__ == '__main__':
+    main()