__VIEWSTATE decode?


KUMAR

Mar 12, 2014, 12:58:44 AM
to null-...@googlegroups.com
Hi null mates,
I am new to null and this is my first post. My query is:
While intercepting a request (some website), I saw "__VIEWSTATE=" containing some long encrypted string. I want to see what the encrypted string contains. Is there any way to decrypt/decode it?

Thank you

sandesh anand

Mar 12, 2014, 3:25:24 AM
to null-...@googlegroups.com
VIEWSTATE may or may not be encrypted. If you are intercepting using Burp, non-encrypted VIEWSTATE will automatically be decoded (remember, Viewstate is just a Base64 encoded string with some structure imposed by .NET) and presented in the "Viewstate" tab that appears in the Response.

If it's encrypted, I am not aware of any reliable ways of decrypting it as an attacker.

You should certainly ensure the Viewstate is encrypted if it contains sensitive info. There are more defense techniques listed here (not just encryption): http://msdn.microsoft.com/en-us/library/ms178199(v=vs.85).aspx 

Sandesh


--
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Shirish Padalkar

Mar 15, 2014, 6:42:30 AM
to null-india
Hi,

I mostly use this online tool to decode VIEWSTATE - http://ignatu.co.uk/ViewStateDecoder.aspx





--
With regards,
Shirish | https://twitter.com/_Garbage_

Shah Dhruv

Mar 15, 2014, 10:39:25 AM
to null-...@googlegroups.com
IMO Burp Suite does an automatic decryption of the viewstate if in base64... pretty handy.


______________________

Dhruv Shah aka Snypter

Blogger | Researcher | Consultant | Writer

sandesh anand

Mar 16, 2014, 8:35:32 AM
to null-...@googlegroups.com
Please do not get confused. Decryption != Decoding.

This is a very important difference. 
"Encrypted" data is meant to be a secret. It can only be "decrypted" using a special key (depending on the crypto algorithm, "key" can take different forms). Examples of such algorithms are RC4, AES, etc.
"Encoded" data is not meant to be a secret (some people may wrongly use it as a secret). It can easily be "decoded" as long as you know the "encoding" method (e.g. Base64).

Viewstate is always Base64 encoded. Any Base64 decoder (such as the one in Burp, or many other resources online) can decode it.
Sometimes, Viewstate is also "encrypted". Burp CANNOT decrypt this value. In fact, Burp will show a message saying it cannot do so. If Burp is showing data in the "Viewstate" tab, you can safely assume that there has been no encryption.

Hope this clarifies things

Regards
Sandesh
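
The encoded-versus-encrypted distinction Sandesh draws above, as an added example that is not part of the thread: a small Python decoder that Base64-decodes a __VIEWSTATE value, checks for the ObjectStateFormatter header marker (the same test that decides whether any decoder can show readable structure, or only ciphertext), and walks the most common .NET state tokens. The token values are an assumption taken from the .NET reference source, and the sample values are constructed, not captured from a real site.

```python
import base64

# Marker ObjectStateFormatter writes at the head of every unencrypted stream; ciphertext lacks it.
FORMAT_MARKER = b"\xff\x01"
# Token subset handled here (assumption: values as in the .NET reference source; others raise).
T_INT32, T_STRING, T_PAIR, T_TRIPLET, T_ARRAYLIST = 0x02, 0x05, 0x0F, 0x10, 0x16
T_IDXSTR_ADD, T_IDXSTR, T_NULL, T_EMPTYSTR, T_TRUE, T_FALSE = 0x1E, 0x1F, 0x64, 0x65, 0x67, 0x68
SIMPLE = {T_NULL: None, T_TRUE: True, T_FALSE: False, T_EMPTYSTR: ""}

def classify(viewstate_b64: str) -> str:  # 'plain' = readable stream, 'opaque' = encrypted
    return "plain" if base64.b64decode(viewstate_b64).startswith(FORMAT_MARKER) else "opaque"

class _Reader:
    def __init__(self, data: bytes):
        self.data, self.pos, self.strings = data, 0, []  # strings: indexed-string table
    def byte(self) -> int:
        self.pos += 1
        return self.data[self.pos - 1]
    def encoded_int(self) -> int:  # same scheme as BinaryReader.Read7BitEncodedInt
        value, shift = 0, 0
        while True:
            b = self.byte()
            value |= (b & 0x7F) << shift
            if not b & 0x80:
                return value
            shift += 7
    def string(self) -> str:  # 7-bit-encoded byte length, then UTF-8 text
        n = self.encoded_int()
        self.pos += n
        return self.data[self.pos - n:self.pos].decode("utf-8")
    def value(self):  # one token, recursing into Pair/Triplet/ArrayList
        t = self.byte()
        if t in SIMPLE: return SIMPLE[t]
        if t == T_INT32: return self.encoded_int()
        if t == T_STRING: return self.string()
        if t == T_IDXSTR_ADD: s = self.string(); self.strings.append(s); return s
        if t == T_IDXSTR: return self.strings[self.byte()]
        if t == T_PAIR: return (self.value(), self.value())
        if t == T_TRIPLET: return (self.value(), self.value(), self.value())
        if t == T_ARRAYLIST: return [self.value() for _ in range(self.encoded_int())]
        raise ValueError(f"unsupported token 0x{t:02x} at offset {self.pos - 1}")

def decode_viewstate(viewstate_b64: str):
    raw = base64.b64decode(viewstate_b64)
    if not raw.startswith(FORMAT_MARKER):
        raise ValueError("no ObjectStateFormatter marker: encrypted, or not view state")
    return _Reader(raw[2:]).value()  # any trailing MAC bytes are simply left unread

# Constructed sample (not from a real site): Pair(Triplet("hello", 300, "hello"), [True, None, ""])
SAMPLE_PLAIN = base64.b64encode(b"\xff\x01\x0f\x10\x1e\x05hello\x02\xac\x02\x1f\x00\x16\x03\x67\x64\x65").decode()
SAMPLE_OPAQUE = base64.b64encode(b"\x9c\x3b\x11\x7f\xe0\x02\x45\xaa").decode()  # ciphertext stand-in
```

A MAC-protected but unencrypted value still decodes (the HMAC trailer sits after the last token), which is why a MAC alone does not hide the contents and encryption is needed for anything sensitive.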

Shah Dhruv

Mar 19, 2014, 8:23:21 AM
to null-...@googlegroups.com
Thanks Sandesh Anand for helping me clear my misconception w.r.t. Viewstate.



______________________

Dhruv Shah aka Snypter

Blogger | Researcher | Consultant | Writer

