# Filter Evasion

## Javascript

Base64 encoded payload

```
eval(atob(<b64>))
[].contructor.contructor(atob(<b64>))()

setTimeout(atob(<b64>))
setInterval(atob(<b64>))
Function(atob(<b64>))
```

### Loose typing conversions

Boolean FALSE

```
![]
!{}
!!""
[]=={}
```

Boolean TRUE

```
!![]
!!{}
!""
[]==""
```

Convert a boolean to literal string (i.e. "true" and "false"). Works with any of the comparisons listed above

```
![]+""    #FALSE
!![]+""   #TRUE
```

Integer 0, can be implicitly casted to FALSE

```
+""
-""
-+-+""
+[]
-[]
-+-+[]
![]+![]
![]+!{}
![]+!!""
```

Integer 1, can be implicitly casted as TRUE. To obtain 1 we sum FALSE to TRUE

```
+!![]
![]+!""
![]+!![]
~[]*~[]
++[[]][+[]]
```

To generate other Integer numbers simply sum the expression of one to itself 2 or more times

```
+!![]                    #1
+!![]+!![]               #2
+!![]+!![]+!![]          #3
+!![]+!![]+!![]+!![]     #4
```

String characters

```
![]+""        # "false"
!![]+""       # "true"
{}+[]         # "[object Object]"
[]/[]+""      # "NaN"
!![]/![]+""   # "Infinity"
```

Extract a character from a string. By combining integer expressions for indexes and strings generated by the expression above it is possible to access the single characters and combine them to form malicious instructions and bypass filters

```
(!![]/![]+"")[+!![]]    #is equal to "Infinity"[1] --> "n"
```

## URI Obfuscation

Automatic login

```
http://<user>:<pass>@<domain>/<url>
```

Host obfuscation

```
http://0110.0220.0330.0440    #OCT format
http://0x0a0b0c0d             #HEX format without split
http://0x0a.0x0b.0x0c.0x0d    #HEX format split
http://4278190337             #DWORD (1.1.1.1 --> 0x01010101 --> #16843009)
```