Pip3line - raw byte manipulation and interception framework.

Pip3line – raw byte manipulation and interception framework.

Pip3line is a raw bytes manipulation utility, able to apply well known and less well known transformations from anywhere to anywhere (almost). Its main usefulness lies in pentesting and reverse-engineering / binary analysis purposes. Current transformations list include classic decoders such as Base64/32/hex to simple cryptographic ciphers, and includes common hashes algorithms as well as obfuscation techniques.

Easy to use, but still offering some tweaking for most transformations, it also has the ability to save/restore a configured transformation chain for future used.

pip3line

Transformations currently implemented
– Base32 (RFC 4648, Crockford, RFC 2938 a.k.a base32hex)
– Base64 (RFC 4648, “.Net” special version for *Resource.axd, Urlsafe)
– Base rotation algorithm on bytes (used by Firefox for obfuscation)
– Binary encoding
– Bytes to Integer
– Char encoding (Unicode, iso …)
– Cisco secret 7 decryption/encryption
– CRC32
– Cut
– FIX protocol parser (v4.4)
– Hexadecimal
– Hieroglyphy For JavaScript obfuscation
– HMAC calculations (MD4, MD5, SHA-1, Qt5 specific: SHA-224, SHA-256, SHA-384, SHA-512)
– Html
– Int to Timestamp (Epoch)
– Int64 to Timestamp (Microsoft)
– IPv4 translator between number and string representation of an IP
– Netmask calculator for IPv4 and IPv6
– Md4/Md5/Sha1 (built-in)
– NTLMSSP Messages parser
– Padding (Zero, ANSI X.923, ISO 10126, PKCS7, custom single char)
– Random Case
– Regular Expression (match&extract, match&replace)
– Reverse
– ROTx (ROT13, ROT5, ROT47)
– Signed Short to Char decoder
– Split
– Substitution crypto algorithm
Oracle/MySql/MSSql/Postgres/Javascript concatenated string
– Url Encode
– Xor
– XmlQuery (XPATH)
– Zlib compression

Download Windows Binary: pip3line_3.2.0_win_x32.zip(34.5 MB) | pip3line_3.2.0_win_x64.zip(40 MB)
Download tarball: v3.2.0.tar.gz
Source: http://metrodango.github.io/pip3line/index.html