forked from davidson679/Bypass-Web-Application-Firewalls
-
Notifications
You must be signed in to change notification settings - Fork 0
/
HTMLEscape4CharacterFuzzing.py
17 lines (15 loc) · 1.19 KB
/
HTMLEscape4CharacterFuzzing.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# Created an ascii file filled with combinations of 1 HTML escape characters
# Based on the theory that web application firewalls don't filter HTML Escape characters
# and browsers can parse weird escape combinations in unexpected ways
# which may allow for web application firewall bypass / HTML render anomalies
import argparse
parser = argparse.ArgumentParser(description='Created an ascii file filled with all combinations of HTML escape characters.')
parser.add_argument("-out", type=argparse.FileType("wb"),default="HTMLEscape4CharactersFuzz.txt",help='filename to write output')
parser.add_argument("-rangeStart", metavar='N', type=int, nargs='+', default=33, help='character range to start at 0-256')
parser.add_argument("-rangeStop", metavar='N', type=int, nargs='+', default=126,help='character range to stop at 0-256')
args = parser.parse_args()
for a in xrange(args.rangeStart,args.rangeStop):
for b in xrange(args.rangeStart, args.rangeStop):
for c in xrange(args.rangeStart, args.rangeStop):
for d in xrange(args.rangeStart, args.rangeStop):
args.out.write("&#" + str(a) + str(b) + str(c) + str(d) +";")