Client Side Obfuscator Module
Munir Njiru edited this page Nov 25, 2015 · 4 revisions
# Client Side Obfuscator

This module uses the JavaScript `escape` and `unescape` functions. They can be used to prevent XSS attacks or, when only minor filters are in place, to encode payloads while attacking instead. The encoding replaces characters with their hexadecimal equivalents in `%XX` format; ASCII letters, digits and the characters `@*_+-./` are left unchanged.

To use this feature:
- Click on Web Utils
- Click Client Obfuscator
- Paste your payload or string in the text area, e.g.

```html
<script>alert("mth3l3m3nt");</script>
```

Successful encoding produces output like the following, which you can use in the test:

```html
<script>
<!--
document.write(unescape("%3Cscript%3Ealert%28%22mth3l3m3nt%22%29%3B%3C/script%3E"));
//-->
</script>
```

It may also come in handy if you want to prevent hotlinking on your phishing pages as it can obfuscate your full HTML page to this format.
To reverse the effect, paste the encoded payload and click Deobfuscate.
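
The same reversal can be done statically when reviewing a page that uses this wrapper, without letting `document.write` run. The following is an added example, not code from the mth3l3m3nt project; the function names and `samplePage` are constructed for illustration, and the encoder follows the exclusion set described above.

```javascript
// Added example: recover markup hidden behind document.write(unescape("...")).
// All names here are hypothetical; samplePage is constructed from the wiki's output.

// Matches document.write(unescape("...")) with single or double quotes.
const WRAPPER_RE = /document\.write\(\s*unescape\(\s*(["'])([^"']*)\1\s*\)\s*\)/g;

// Decode %XX and %uXXXX sequences the way legacy unescape() does, without eval.
function decodeEscaped(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g, (_, u, h) =>
    String.fromCharCode(parseInt(u || h, 16)));
}

// Encode the way legacy escape() does: keep A-Z a-z 0-9 @*_+-./ and
// hex-encode every other UTF-16 code unit.
function encodeEscaped(s) {
  let out = "";
  for (const unit of s.split("")) {
    const c = unit.charCodeAt(0);
    if (/[A-Za-z0-9@*_+\-./]/.test(unit)) out += unit;
    else if (c < 256) out += "%" + c.toString(16).toUpperCase().padStart(2, "0");
    else out += "%u" + c.toString(16).toUpperCase().padStart(4, "0");
  }
  return out;
}

// Return every wrapped payload found in a page, encoded and decoded.
function revealObfuscated(html) {
  const found = [];
  for (const m of html.matchAll(WRAPPER_RE)) {
    found.push({ encoded: m[2], decoded: decodeEscaped(m[2]) });
  }
  return found;
}

// Constructed sample: the encoded output shown on this page.
const samplePage = `<script>
<!--
document.write(unescape("%3Cscript%3Ealert%28%22mth3l3m3nt%22%29%3B%3C/script%3E"));
//-->
</script>`;

const results = revealObfuscated(samplePage);
console.log(results[0].decoded);
```

Because the decoding is a fixed character substitution, the wrapper hides content from casual viewing only; any scanner or reviewer can recover the original markup this way.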
Developed by Munir Njiru