← BACK

BagEnd

HTML ⭐ 0
BagEnd app icon

🟢 Bag End — The Burglar's Toolkit

A cosy little door into text transformation, obfuscation & Markdown craft.

“It's a dangerous business, going out your door, and pasting your text into a strange tool.”


Single File
No Build
Vanilla JS
Zero Deps


One HTML file. No build step. No dependencies. No servers.
Open it in a browser and you're in.


🕯️ What is it?

Bag End is a self-contained, single-file web app for transforming, obfuscating, and formatting text — wrapped in a warm Hobbit-hole aesthetic (round green door and all). It ships as one index.html you can double-click to run, keep on a USB stick, or drop on any static host.

It has two personalities:

📜 The Toolkit Pick a trick from the side panel; paste text in the left box, get the result on the right.
🗝️ Burglar Mode Arm a trick, then type — everything you type comes out already transformed. Switch tricks mid-sentence to weave hybrid text, then export.

✨ Features at a glance

  • 🎨 Two themesUnder the Hill at night (dark) & Parchment daylight (light), toggle any time.
  • 🧵 Hybrid text weaving in Burglar Mode — layer different styles across one document as you type.
  • 👻 Invisible-character preview — hidden Unicode shown as gold markers on-screen, while the copied text stays truly invisible.
  • 📝 Live Markdown — write Markdown, see it rendered instantly (headings, tables, task lists, code, and more).
  • 📤 Export to .md or .pdf straight from the workspace.
  • 📱 Responsive & polished — works on laptop and mobile, with hidden scrollbars for a clean look.
  • Instant — everything runs locally in your browser; nothing leaves the page.

🧰 The tricks

Trick Badge What it does
Leet / Upper 13 Uppercases and swaps A→4 E→3 I→1 O→0 S→5 T→7.
Injector !! Wraps text with instruction-style framing and censors a keyword list — for prompt-injection research.
Invisible Unicode Inserts / weaves zero-width characters (ZWSP, ZWNJ, ZWJ, WJ, ZWNBSP). Preview shows them; copy hides them.
Zalgo / Eldritch Z Corrupts text with stacked combining marks. A Crazy Level slider summons more chaos.
Glitch Broken-signal corruption — lookalike glyphs, static blocks, strikethroughs and stutters.
URL Encoding % Percent-encodes text, optionally embedded into a URL template via {}.
Dynamic Reconstruction 0x Rebuilds a string as runtime code (chr() join, \x/\u escapes, bytes.fromhex(), JS fromCodePoint()) so static string/regex filters never see the literal.
Markdown M↓ Full Markdown → live rendered preview, with a toolbar to wrap selections and a one-click cheat-sheet.

In Burglar Mode the same tricks become armed styles: the option controls (level slider, invisible-char picker, reconstruction format) adapt to whichever trick you arm.


🚀 Getting started

# Option 1 — just open it
double-click index.html

# Option 2 — serve it (any static server works)
python -m http.server 8000
# then visit http://localhost:8000

That's the whole install. There is no step 2.


🗝️ Using Burglar Mode

  1. Click ◆ BURGLAR in the header.
  2. Tap a trick chip to arm it — the bar underneath shows what's armed.
  3. Type — your text appears already transformed. Paste works too.
  4. Switch chips to weave a new style into the next part; tap RAW (or the armed chip again) to type plain.
  5. UNDO / COPY / CLEAR as needed, then EXPORT to .md or .pdf.

Special behaviours:

  • Invisible weaves hidden characters between glyphs and has an Insert ∅ at cursor button.
  • Injector & Reconstruction keep a running buffer and re-render the whole block as you type (no repeated wrappers).
  • Markdown keeps your raw Markdown in the workspace and shows a live rendered preview alongside.

🎨 Design & tech

  • Stack: hand-written HTML + CSS + vanilla JavaScript. No frameworks, no bundler.
  • Fonts: Uncial Antiqua, Cinzel, and EB Garamond (via Google Fonts).
  • Theming: CSS custom properties with a distinct “thief in the night” palette for Burglar Mode.
  • Markdown engine: a compact from-scratch parser (headings, emphasis, code spans & fences, links, images, blockquotes, ordered/unordered/task lists, alignment-aware tables, rules).
  • Everything is client-side — your text never leaves the browser.

⚖️ Responsible use

This toolkit includes techniques (prompt-injection framing, static-analysis evasion, invisible characters) intended for authorized security testing, CTF challenges, and educational research. Use it only against systems you own or are permitted to test. You are responsible for how you use it.


📁 Project structure

bag end/
├── index.html   ← the entire application
└── README.md    ← you are here

Made under the Hill. Mind the step on your way out. 🚪