magic-web-string-parser
Advanced tools
A hacky pentest lib to recursively map any property encoded in a string, change theirs values, and re-encode keeping the original encoding structure.
A lib to recursively map any property encoded in a String, change theirs values, and re-encode keeping the original encoding structure.
While this is working, that's an hacky not tested hack/pentest tool lib with probable various false positive matchs
For now can deal with : Paths, Base64, Json, Query String, MultiLines blob, Http Request, Url & coma Key value list
BTC : bc1qh43j8jh6dr8v3f675jwqq3nqymtsj8pyq0kh5a
Paypal : 
const mwsp = require("magic-web-string-parser");
let parsed = mwsp.parse("...");
parsed.set(
jsonPathSelector, // Ex: $..Prop.*.value[?(@.isLeaf)]
newValue, // value to set
enumerate, // do return an array with 1 stringified versions per replaced value ( will not set the given values on the current instance )
raw // do set as raw Json
) // return one of :
// - array of 1 serialized version per replaced value
// - the serialized strings with provided value in all selected node
parsed.get(
jsonPathSelector // Ex: $..Prop.*.value[?(@.isLeaf)]
) // return jsonPath selection
parsed.stringify() // return as string with updated values
$ npm i -g magic-web-string-parser
$ mws-decode -h
Help :
(StdIn) : Input string ( Ex : mws-decode <<< "someStringToParse" )
-i, --input : Input string
--raw : Output query-able parsed tree
--vars : Output all props found with theirs raw values
--stats : Output all found types with theirs occurrences count
-p, --path : Output with Json Paths
-s, --select : Select matching nodes, set new value if provided, print results
Ex :
Set & select a value in all Json / Qs leaf props ( having a primitive value like Number, String,... ) :
-s="$..Prop.*.value[?(@.isLeaf)] << payload"
Set & select a value in all Json / Qs leaf props with a key matching /url/ig :
-s="$..Prop[?(/url/ig.test(@.key))].value[?(@.isLeaf)] << payload"
Select all Paths found in a child prop of a Qs section :
-s="$..Qs..Path"
$ mws-recode -h
Help :
(StdIn) : Input string ( Ex : mws-recode <<< "someStringToParse" )
-i, --input : Input string
-e, --enumerate : stringify input once per replaced value
--json : output in Json
-s, --set : Set a new value in selected items
Ex :
Set a value in all Json / Qs leaf props ( having a primitive value like Number, String,... ) :
-s="$..Prop.*.value[?(@.isLeaf)] << payload"
Set a value in all Json / Qs leaf props with a key matching /url/ig :
-s="$..Prop[?(/url/ig.test(@.key))].value[?(@.isLeaf)] << payload"
Set a raw value in all Qs root props :
-s="$..QsObject.*.Prop.*.value <<< {\"__proto__\":{\"toString\":\"toKill\"}}"
Replace all Paths found in a child prop of a Qs section :
-s="$..Qs..Path << /path/traversal/1337"
$ npm i -g magic-web-string-parser
$ mws-recode -s="$..Prop[?(/^test/ig.test(@.key))].value << /1337" <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
/zolizoli/%7B%22test%22%3A%22%2F1337%22%7D/path?test=%2F1337&yuup=%7B%22test%22%3A%22%2F1337%22%7D
$ mws-recode -s="$..Prop[?(/^re/ig.test(@.key))].value[?(@.isLeaf)] << /1337" <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
/zolizoli/%7B%22test%22%3A%7B%22retest%22%3A%22%2F1337%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0NeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22%3A%7B%22retest%22%3A%22%2F1337%22%7D%7D
$ mws-recode -s="$..Prop[?(/yo/ig.test(@.key))].value << /1337" <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
/zolizoli/%7B%22test%22%3A%7B%22retest%22%3A%22value%22%7D%7D/path?test=eyJ5byI6Ii8xMzM3In0NeyJ5byI6Ii8xMzM3In0%3D&yuup=%7B%22test%22%3A%7B%22retest%22%3Atrue%7D%7D
$ mws-recode -s="$..Prop[?(/^re/ig.test(@.key))].value[?(@.isLeaf)] <<< {\"obj\":1337}" <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
/zolizoli/%7B%22test%22%3A%7B%22retest%22%3A%7B%22obj%22%3A1337%7D%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0NeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22%3A%7B%22retest%22%3A%7B%22obj%22%3A1337%7D%7D%7D
& mws-recode -e -s="$..Prop[?(/^test/ig.test(@.key))].value << /1337" <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
/zolizoli/%7B%22test%22%3A%22%2F1337%22%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0NeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22%3A%7B%22retest%22%3Atrue%7D%7D
/zolizoli/%7B%22test%22%3A%7B%22retest%22%3A%22value%22%7D%7D/path?test=%2F1337&yuup=%7B%22test%22%3A%7B%22retest%22%3Atrue%7D%7D
/zolizoli/%7B%22test%22%3A%7B%22retest%22%3A%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0NeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22%3A%22%2F1337%22%7D
& mws-recode --json -e -s="$..Prop[?(/^test/ig.test(@.key))].value << /1337" <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
["/zolizoli/%7B%22test%22%3A%22%2F1337%22%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0NeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22%3A%7B%22retest%22%3Atrue%7D%7D","/zolizoli/%7B%22test%22%3A%7B%22retest%22%3A%22value%22%7D%7D/path?test=%2F1337&yuup=%7B%22test%22%3A%7B%22retest%22%3Atrue%7D%7D","/zoli
zoli/%7B%22test%22%3A%7B%22retest%22%3A%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0NeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22%3A%22%2F1337%22%7D"]
$ mws-decode <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
UrlPath[0]
- "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
Path[0]
- "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path"
PathItem[0]
- "zolizoli"
String[0]
- "zolizoli"
PathItem[1]
- "%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D"
Json[0]
- "{\"test\":{\"retest\":\"value\"}}"
JsonObject[0]
- "{\"test\":{\"retest\":\"value\"}}"
Prop[0] test =
- "{\"retest\":\"value\"}"
Prop[0] retest =
- "value"
PathItem[2]
- "path"
String[0]
- "path"
PathQuery[0]
- "test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
Qs[0]
- "test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
QsObject[0]
- "{\"test\":\"eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ==\",\"yuup\":\"{\\\"test\\\":{\\\"retest\\\":true}}\"}"
Prop[0] test =
- "eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ=="
MultiLines[0]
- "{\"yo\":\"yo❤️\"}\n{\"yo\":\"next❤️\"}"
Line[0]
Json[0]
- "{\"yo\":\"yo❤️\"}"
JsonObject[0]
- "{\"yo\":\"yo❤️\"}"
Prop[0] yo =
- "yo❤️"
Line[1]
Json[0]
- "{\"yo\":\"next❤️\"}"
JsonObject[0]
- "{\"yo\":\"next❤️\"}"
Prop[0] yo =
- "next❤️"
Prop[1] yuup =
- "{\"test\":{\"retest\":true}}"
QsObject[0]
- "{\"test\":{\"retest\":true}}"
Prop[0] test =
- "{\"retest\":true}"
Prop[0] retest =
- true
$ mws-decode --stats <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
UrlPath : 1 items
Path : 1 items
PathItem : 3 items
String : 5 items
Json : 3 items
JsonObject : 4 items
Prop : 8 items
PathQuery : 1 items
Qs : 2 items
QsObject : 3 items
Base64 : 1 items
MultiLines : 1 items
Line : 2 items
Boolean : 1 items
$ mws-decode --vars <<< "/zolizoli/%7B%22test%22:%7B%22retest%22:%22value%22%7D%7D/path?test=eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ%3D%3D&yuup=%7B%22test%22:%7B%22retest%22:true%7D%7D"
test = "{\"retest\":\"value\"}"
retest = "value"
test = "eyJ5byI6Inlv4p2k77iPIn0KeyJ5byI6Im5leHTinaTvuI8ifQ=="
yo = "yo❤️"
yo = "next❤️"
yuup = "{\"test\":{\"retest\":true}}"
test = "{\"retest\":true}"
retest = true
FAQs
A hacky pentest lib to recursively map any property encoded in a string, change theirs values, and re-encode keeping the original encoding structure.
The npm package magic-web-string-parser receives a total of 4 weekly downloads. As such, magic-web-string-parser popularity was classified as not popular.
We found that magic-web-string-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.
Security News
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.
Security News
OpenSSF has issued a high-severity advisory warning open source developers of an active Slack-based campaign using impersonation to deliver malware.