hexpayloadzapfuzzing

zaproxy fuzzing hex payload processor


I'm trying to fuzz a cookie with Zaproxy. The cookie is missing one character so i made a prefix processor with the cookie md5 hash and am adding an alphanumeric character to the end..all good but the original value is encoded twice..once with base64 then with hex. I'm trying to find a hex payload processor to accomplish this but it doesn't seem to exist although there is an option under the menu item 'encode/decode/hash' to encode or decode from/to ASCII hex. Is there another way to do this?


Solution

  • I believe this does what you need: https://github.com/zaproxy/community-scripts/blob/main/payloadprocessor/to-hex.js

     /**
     * Converts a string payload to hex.
     * 
     * Created to add functionality found in Burp to solve Natas19
     * https://www.youtube.com/watch?v=z3RtpWZ_R3Q
     *
     * EN10
     */
    
    function process(payload) {
      var hex = '';
      var i;
      for (i = 0; i < payload.length; i++) {
        hex += payload.charCodeAt(i).toString(16);
      }
      return hex;
    }
    

    According to this comment: Javascript character (ASCII) to Hex you might have to add a bit of handling for any characters whose code point is below 16.