Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Support Center
  2. BApp Store
  3. JavaScript Encode As

Professional Community

JavaScript Encode As

Download BApp

This extension allows you to encode strings in the JavaScript format (i.e. Unicode/Hex), similar to Burp's Convert-To but specifically for within JSON/JavaScript.

This can be useful for bypassing WAF's/web application validation, particularly if the value is later returned as is and read by JavaScript in the browser.

Three types of encoding are supported:

  • Unicode (\uHHHH)
  • Unicode Aware (\u{H-HHHHHH})
  • Hex (\xHH)

Usage

You can use this extension in places where you can modify text. For example, Repeater, Intruder.

To use this extension, you can "Right-click -> Extensions -> JavaScript EncodeAs -> (Select encoding choice)".

Text should be encoded in JavaScript-friendly format.

Encoding choices

Unicode:

  • Unicode Encode Non-Alpha (\u0061abcd)
    Unicode Encodes Non-Alpha Characters, for example:
    <script>alert(1)</script> -> \u003Cscript\u003Ealert\u00281\u0029\u003C\u002Fscript\u003E
  • Unicode Encode All Characters (\u0061)
    Unicode Encodes All Characters, for example:
    <script>alert(1)</script> -> \u003C\u0073\u0063\u0072\u0069\u0070\u0074\u003E\u0061\u006C\u0065\u0072\u0074\u0028\u0031\u0029\u003C\u002F\u0073\u0063\u0072\u0069\u0070\u0074\u003E

Unicode aware:

  • Unicode Aware Encode Non-Alpha (\u{61}abcd)
    Unicode Aware Encodes Non-Alpha Characters, for example:
    <script>alert(1)</script> -> \u{3c}script\u{3e}alert\u{28}1\u{29}\u{3c}\u{2f}script\u{3e}
  • Unicode Aware Encode All Characters (\u{61})
    Unicode Aware Encodes All Characters, for example:
    <script>alert(1)</script> -> \u{3c}\u{73}\u{63}\u{72}\u{69}\u{70}\u{74}\u{3e}\u{61}\u{6c}\u{65}\u{72}\u{74}\u{28}\u{31}\u{29}\u{3c}\u{2f}\u{73}\u{63}\u{72}\u{69}\u{70}\u{74}\u{3e}

Hex:

  • Hex Encode Non-Alpha (\x61abcd)
    Hex Encodes Non-Alpha Characters for example:
    <script>alert(1)</script> -> \x3Cscript\x3Ealert\x281\x29\x3C\x2Fscript\x3E
  • Hex Encode All Characters (\x61)
    Hex Encodes All Characters for example:
    <script>alert(1)</script> -> \x3C\x73\x63\x72\x69\x70\x74\x3E\x61\x6C\x65\x72\x74\x28\x31\x29\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E

Author

 Author

ret2desync

Version

 Version

1.0

Rating

 Rating

Popularity

 Popularity

Last updated

 Last updated

31 January 2025

Estimated system impact

 Estimated system impact

Overall impact: Empty

Memory
Empty
CPU
Empty
General
Empty
Scanner
Empty

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.