🔝 How to decode ASP.NET VIEWSTATE

Penetration Testing Wiki

🔝 How to decode ASP.NET VIEWSTATE

asp.net viewstate decoder

Sometimes when doing web pentesting against an ASP web application is useful a tool like this:

$ ./decoder.py "/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0="
** ASP.NET __VIEWSTATE decoder **

[*] Decoding __VIEWSTATE:
/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0=
(('1591068609', None), None)

For that, I developed a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module into the system with administrative privileges and be able to decode the variables with a small script using a terminal, without writing python code.

You can download the code from here: https://github.com/defensahacker/viewstate-decoder

How useful was this post?

Click on a star to rate it!

Average rating 4 / 5. Vote count: 1

No votes so far! Be the first to rate this post.