๐Ÿ” How to decode ASP.NET VIEWSTATE

Sometimes when doing web pentesting against an ASP web application is useful a tool like this:

$ ./decoder.py "/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0="
** ASP.NET __VIEWSTATE decoder **

[*] Decoding __VIEWSTATE:
/wEPDwUKMTU5MTA2ODYwOWRkoCvvBWgUOH7PD446qvEOF6GTCq0=
(('1591068609', None), None)

For that, I developed a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module into the system with administrative privileges and be able to decode the variables with a small script using a terminal, without writing python code.

You can download the code from here: https://github.com/defensahacker/viewstate-decoder

Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *