# Creates an ASCII file filled with single-character HTML escape sequences
# (decimal numeric character references of the form &#N;).
# Based on the theory that web application firewalls don't filter HTML escape characters
# and browsers can parse weird escape combinations in unexpected ways,
# which may allow for web application firewall bypass / HTML render anomalies.
import argparse
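# Command-line interface: output file plus the decimal code-point range to emit.
parser = argparse.ArgumentParser(description='Created an ascii file filled with all combinations of HTML escape characters.')
# FileType opens the file during parse_args(); it is closed explicitly below.
parser.add_argument("-out", type=argparse.FileType("wb"),default="HTMLEscape1CharactersFuzz.txt",help='filename to write output')
# Each bound is a single integer. The previous nargs='+' turned any value given
# on the command line into a list, which range() rejects with a TypeError, so
# only the defaults ever worked.
parser.add_argument("-rangeStart", metavar='N', type=int, default=33, help='character range to start at 0-256')
parser.add_argument("-rangeStop", metavar='N', type=int, default=126,help='character range to stop at 0-256')
args = parser.parse_args()

# Emit one decimal numeric character reference ("&#N;") per code point, with no
# separator between them. rangeStop is exclusive, so the default run ends at
# 125 ('}') and omits 126 ('~'); an empty range (start >= stop) leaves an
# empty file.
#
# When this corpus is used to exercise a filter or WAF rule set, the result to
# look for is that character references are decoded before matching, so the
# encoded and the literal form of a character are handled the same way.
try:
    # range() and an explicit ASCII encode behave the same on Python 2 and 3;
    # the output handle is binary, so it must be given bytes.
    for code_point in range(args.rangeStart, args.rangeStop):
        args.out.write(("&#%d;" % code_point).encode("ascii"))
finally:
    # Flush and release the handle even if a write fails part-way through.
    args.out.close()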