很多時候,我們會因為某些私人的理由,希望透過一些方法來繞過程式對字串的檢查。最常見的方法就是改變這些字元的編碼方式,例如將字元改為HEX編碼;在入侵過程中,SQL Injection跟XSS都可以透過這個方法來繞過一些程式的檢查。這種繞過之所以有效,是因為檢查只比對輸入的原始字串,而解碼發生在檢查之後;因此防禦時應先將輸入解碼、正規化後再檢查,並以參數化查詢與輸出編碼作為主要防線。字元的轉換可以透過查詢對照表的方式來做對應,但是這種方法非常費時,所以如果有程式來幫忙處理的話,豈不是輕鬆愉快?
在XSS Cheat Sheet中已經有提供編碼互轉的貼心小服務,不過我還是上網找了一下在PHP中如何針對字元編碼轉換的程式,程式碼如下:
Binary 跟 ASCII互轉
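/**
 * Convert a byte string to its binary-digit representation.
 *
 * Every input byte becomes exactly eight binary digits followed by one
 * space, so "A" yields "01000001 " (the trailing space is part of the
 * format this function has always produced).
 *
 * Fixes over the earlier version:
 *  - the accumulator was never initialised, which raised an
 *    "undefined variable" notice and returned null for some inputs;
 *  - padding with a fixed "0000" prefix produced fewer than eight digits
 *    for byte values below 8, which broke the byte boundaries;
 *  - splitting with chunk_split()/explode("\r\n") corrupted any input that
 *    itself contained a CR LF pair;
 *  - an empty string produced "00000 " instead of an empty result.
 *
 * @param string $str Raw bytes to convert.
 * @return string Space-terminated groups of eight binary digits, or "" for
 *                empty input.
 */
function asc2bin($str)
{
    $str = (string) $str;
    $length = strlen($str);
    $groups = array();

    for ($n = 0; $n < $length; $n++) {
        // %08b always zero-pads to a full byte, whatever the value.
        $groups[] = sprintf('%08b', ord($str[$n]));
    }

    return $groups ? implode(' ', $groups) . ' ' : '';
}

/**
 * Convert a string of binary digits back to the bytes it represents.
 *
 * Separators are optional: every character other than "0" and "1" is
 * discarded before the digits are read in groups of eight. A final group
 * shorter than eight digits is still converted, using the value of the
 * digits that are present.
 *
 * The result is arbitrary binary data; callers that display or store it
 * still need the escaping appropriate to that context.
 *
 * @param string $str Binary digits, e.g. "01000001 01000010".
 * @return string Decoded bytes, or "" when the input holds no digits.
 */
function bin2asc($str)
{
    $bits = preg_replace('/[^01]/', '', (string) $str);
    if ($bits === '' || $bits === null) {
        return '';
    }

    $newstring = '';
    foreach (str_split($bits, 8) as $group) {
        $newstring .= chr(bindec($group));
    }

    return $newstring;
}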
ASCII 與 HEX互轉
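/**
 * Convert a byte string to space-separated hexadecimal pairs.
 *
 * Every input byte becomes two lowercase hex digits followed by one space,
 * so "AB" yields "41 42 ". Empty input now yields "" rather than the lone
 * separator that chunk_split() returns for an empty string.
 *
 * @param string $str Raw bytes to convert.
 * @return string Space-terminated hex pairs, or "" for empty input.
 */
function asc2hex($str)
{
    $str = (string) $str;
    if ($str === '') {
        return '';
    }

    return chunk_split(bin2hex($str), 2, ' ');
}

/**
 * Convert hexadecimal digits back to the bytes they represent.
 *
 * Separators are optional: every character other than a hex digit is
 * discarded, and the remaining digits are read in pairs. A trailing single
 * digit is converted on its own (as the earlier version did).
 *
 * The accumulator is now initialised, so empty input returns "" instead of
 * null plus an "undefined variable" notice.
 *
 * The result is arbitrary binary data; callers that display or store it
 * still need the escaping appropriate to that context.
 *
 * @param string $str Hex digits, e.g. "41 42" or "4142".
 * @return string Decoded bytes, or "" when the input holds no hex digits.
 */
function hex2asc($str)
{
    $digits = preg_replace('/[^0-9a-fA-F]/', '', (string) $str);
    if ($digits === '' || $digits === null) {
        return '';
    }

    $newstring = '';
    foreach (str_split($digits, 2) as $pair) {
        $newstring .= chr(hexdec($pair));
    }

    return $newstring;
}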
Binary 與 HEX互轉
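/**
 * Convert a string of binary digits to space-separated hexadecimal pairs.
 *
 * Every character other than "0" and "1" is discarded, the digits are read
 * in groups of eight, and each group becomes two lowercase hex digits
 * followed by one space.
 *
 * Fixes over the earlier version:
 *  - base_convert() dropped the leading zero for byte values below 0x10,
 *    so "00001010" came out as "a" and shifted every later pair;
 *  - the accumulator was never initialised;
 *  - empty input produced a lone space instead of "".
 *
 * @param string $str Binary digits, e.g. "01000001 11111111".
 * @return string Space-terminated hex pairs, or "" when there are no digits.
 */
function binary2hex($str)
{
    $bits = preg_replace('/[^01]/', '', (string) $str);
    if ($bits === '' || $bits === null) {
        return '';
    }

    $pairs = array();
    foreach (str_split($bits, 8) as $group) {
        // %02x keeps the leading zero so every byte is exactly two digits.
        $pairs[] = sprintf('%02x', bindec($group));
    }

    return implode(' ', $pairs) . ' ';
}

/**
 * Convert hexadecimal digits to space-separated groups of binary digits.
 *
 * Every character other than a hex digit is discarded, the digits are read
 * in pairs, and each pair becomes exactly eight binary digits followed by
 * one space.
 *
 * Fixes over the earlier version:
 *  - a fixed "0000" prefix gave fewer than eight digits for byte values
 *    below 8 (for example "01" became "00001");
 *  - the accumulator was never initialised;
 *  - empty input produced "00000 " instead of "".
 *
 * @param string $str Hex digits, e.g. "0a 01" or "0a01".
 * @return string Space-terminated groups of eight binary digits, or "" when
 *                there are no hex digits.
 */
function hex2binary($str)
{
    $digits = preg_replace('/[^0-9a-fA-F]/', '', (string) $str);
    if ($digits === '' || $digits === null) {
        return '';
    }

    $groups = array();
    foreach (str_split($digits, 2) as $pair) {
        $groups[] = sprintf('%08b', hexdec($pair));
    }

    return implode(' ', $groups) . ' ';
}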