Learn Pentesting like a Pro!

Share this post

🔝 How to decode ASP.NET VIEWSTATE

pentesting.academy

🔝 How to decode ASP.NET VIEWSTATE

pentesting.academy
Nov 21, 2021
Share this post

🔝 How to decode ASP.NET VIEWSTATE

pentesting.academy

Sometimes when doing web pentesting against an ASP web application is useful a tool like this:

$ ./decoder.py "/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0="
** ASP.NET __VIEWSTATE decoder **

[*] Decoding __VIEWSTATE:
/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0=
(('1591068609', None), None)

For that, I developed a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module into the system with administrative privileges and be able to decode the variables with a small script using a terminal, without writing python code.

You can download the code from here: https://github.com/defensahacker/viewstate-decoder

Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.

Share this post

🔝 How to decode ASP.NET VIEWSTATE

pentesting.academy
Comments
TopNew

No posts

Ready for more?

© 2023 pentesting.academy
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing