Security Testing 简明教程
Security Testing - Encoding and Decoding
What is Encoding and Decoding?
编码是将字母、数字和其他特殊字符等一系列字符转换成专门格式以便高效传输的过程。
Encoding is the process of putting a sequence of characters such as letters, numbers and other special characters into a specialized format for efficient transmission.
解码是将编码格式转换回原字符序列的过程。它与加密完全不同,我们通常会错误地理解它。
Decoding is the process of converting an encoded format back into the original sequence of characters. It is completely different from Encryption which we usually misinterpret.
编码和解码用于数据通信和存储。编码不应该用于传输敏感信息。
Encoding and decoding are used in data communications and storage. Encoding should NOT be used for transporting sensitive information.
URL Encoding
URL 只能使用 ASCII 字符集在 Internet 上发送,并且在 URL 中包含除了 ASCII 字符之外的特殊字符时,需要对 URL 进行编码。URL 不包含空格,空格被加号 (+) 或 %20 替换。
URLs can only be sent over the Internet using the ASCII character-set and there are instances when URL contains special characters apart from ASCII characters, it needs to be encoded. URLs do not contain spaces and are replaced with a plus (+) sign or with %20.
ASCII Encoding
浏览器(客户端)会根据网页中使用的字符集对输入进行编码,而 HTML5 中的默认字符集是 UTF-8。
The Browser (client side) will encode the input according to the character-set used in the web-page and the default character-set in HTML5 is UTF-8.
下表显示了字符的 ASCII 符号及其等效符号,最后是其在传递给服务器之前可以在 URL 中使用的替换符号。
Following table shows ASCII symbol of the character and its equal Symbol and finally its replacement which can be used in URL before passing it to the server −
ASCII |
Symbol |
Replacement |
< 32 |
Encode with %xx where xx is the hexadecimal representation of the character. |
|
32 |
space |
+ or %20 |
33 |
! |
%21 |
34 |
" |
%22 |
35 |
# |
%23 |
36 |
$ |
%24 |
37 |
% |
%25 |
38 |
& |
%26 |
39 |
' |
%27 |
40 |
( |
%28 |
41 |
) |
%29 |
42 |
* |
* |
43 |
+ |
%2B |
44 |
, |
%2C |
45 |
- |
- |
46 |
. |
. |
47 |
/ |
%2F |
48 |
0 |
0 |
49 |
1 |
1 |
50 |
2 |
2 |
51 |
3 |
3 |
52 |
4 |
4 |
53 |
5 |
5 |
54 |
6 |
6 |
55 |
7 |
7 |
56 |
8 |
8 |
57 |
9 |
9 |
58 |
: |
%3A |
59 |
; |
%3B |
60 |
> |
%3C |
61 |
= |
%3D |
62 |
> |
%3E |
63 |
? |
%3F |
64 |
@ |
%40 |
65 |
A |
A |
66 |
B |
B |
67 |
C |
C |
68 |
D |
D |
69 |
E |
E |
70 |
F |
F |
71 |
G |
G |
72 |
H |
H |
73 |
I |
I |
74 |
J |
J |
75 |
K |
K |
76 |
L |
L |
77 |
M |
M |
78 |
N |
N |
79 |
O |
O |
80 |
P |
P |
81 |
Q |
Q |
82 |
R |
R |
83 |
S |
S |
84 |
T |
T |
85 |
U |
U |
86 |
V |
V |
87 |
W |
W |
88 |
X |
X |
89 |
Y |
Y |
90 |
Z |
Z |
91 |
[ |
%5B |
92 |
%5C |
|
93 |
] |
%5D |
94 |
^ |
%5E |
95 |
_ |
_ |
96 |
` |
%60 |
97 |
a |
a |
98 |
b |
b |
99 |
c |
c |
100 |
d |
d |
101 |
e |
e |
102 |
f |
f |
103 |
g |
g |
104 |
h |
h |
105 |
i |
i |
106 |
j |
j |
107 |
k |
k |
108 |
l |
l |
109 |
m |
m |
110 |
n |
n |
111 |
o |
o |
112 |
p |
p |
113 |
q |
q |
114 |
r |
r |
115 |
s |
s |
116 |
t |
t |
117 |
u |
u |
118 |
v |
v |
119 |
w |
w |
120 |
x |
x |
121 |
y |
y |
122 |
z |
z |
123 |
{ |
%7B |
124 |
||
%7C |
125 |
} |
%7D |
126 |
~ |
%7E |
127 |
|
%7F |
> 127 |