Let’s say you’re running some tests on a service and want to use some characters that aren’t standard in your systems’ character set. How do you do that?
First up, figure out what characters you want to send. For the purposes of this demonstration I’ll be using the Kanji for “First Order” which is 部首順 (and not related to Star Wars, but we can pretend).
Next, find the actual bytes used to represent this. One of the easiest ways is to search Google for a page contain the characters, then hexdump the result. For this approach you can do it as follows (assuming you’re using Linux, which is my global assumption):
- Navigate to a page with the character(s) on it. I’m using Encodings of Japanese for this example.
- Note what text is right near the character(s)
- Save the page as a file locally by right clicking and choosing “Save As…” (I’ll say it was saved as NonStandardChars.html)
- In a terminal grep for the text near the character(s) to isolate where they are
- Add an “xxd” command to get the raw hex values
- Review the results to find the non-printable character bytes in the expected position (in this case, it was “e9 83 a8 e9 a6 96 e9 a0 86”, and I added the -c 30 to make it easier to read)
Or you could just reference the definitions themselves if you want to be more holistic about it. 🙂
Now we need to add them to our query. In this case I’m using the W3 Schools online tutorial on posting to a form if you want to try it yourself. First we capture the request in BurpSuite, same as normal, then send it to Repeater ( you could of course edit this during an intercept as well, but Repeater is easier in my opinion).
To add the non-printable characters just do the following:
- Determine how many bytes will be used by the target characters (9 bytes in my example above).
- Make sure you have something to easily replace in your request, such as capital letter D (which convenietly becomes “44” in hex), and that you have enough of them to cover the new content (e.g. “DDDDDDDDD” for this case)
- Click on the “Hex” tab in your request pane of BurpSuite and find the text to replace.
- Edit the individual bytes to the hex values you noted in step 6 above.
- Submit for great #Victory
That’s it! Good Hunting!
Leave a Reply