Skip to main content

ASP.NET View State Decoder

Project description

A small Python library for decoding ASP.NET viewstate.

Viewstate is a method used in the ASP.NET framework to persist changes to a web form across postbacks. It is usually saved on a hidden form field:

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEP...">

Decoding the view state can be useful in penetration testing on ASP.NET applications, as well as revealing more information that can be used to efficiently scrape web pages.

https://github.com/yuvadm/viewstate/workflows/Build/badge.svg https://img.shields.io/pypi/v/viewstate

Install

$ pip install viewstate

Usage

The Viewstate decoder accepts Base64 encoded .NET viewstate data and returns the decoded output in the form of plain Python objects.

There are two main ways to use this package. First, it can be used as an imported library with the following typical use case:

>>> from viewstate import ViewState
>>> base64_encoded_viewstate = '/wEPBQVhYmNkZQ9nAgE='
>>> vs = ViewState(base64_encoded_viewstate)
>>> vs.decode()
('abcde', (True, 1))

It is also possible to feed the raw bytes directly:

>>> vs = ViewState(raw=b'\xff\x01....')

Alternatively, the library can be used via command line by directly executing the module:

$ cat data.base64 | python -m viewstate

Which will pretty-print the decoded data structure.

The command line usage can also accept raw bytes with the -r flag:

$ cat data.base64 | base64 -d | python -m viewstate -r

Viewstate HMAC signatures are also supported. In case there are any remaining bytes after parsing, they are assumed to be HMAC signatures, with the types estimated according to signature length.

>>> vs = ViewState(signed_view_state)
>>> vs.decode()
>>> vs.mac
'hmac_sha256'
>>> vs.signature
b'....'

Development

Development packages can be installed with uv. Unit tests, lints and code formatting tasks can be run with:

$ uv sync --group dev
$ uv run pytest
$ uv run ruff

For PyPI releases, run build and publish:

$ uv build
$ uv publish

Note that for uploading a new package version, a valid PyPI auth token should be configured.

References

Since there is no publically available specification of how .NET viewstate is encoded, reverse engineering was based on prior work:

Any official documents would be gladly accepted to help improve the parsing logic.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

viewstate-0.7.0.tar.gz (8.9 kB view details)

Uploaded Source

Built Distribution

viewstate-0.7.0-py3-none-any.whl (7.5 kB view details)

Uploaded Python 3

File details

Details for the file viewstate-0.7.0.tar.gz.

File metadata

  • Download URL: viewstate-0.7.0.tar.gz
  • Upload date:
  • Size: 8.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.6.14

File hashes

Hashes for viewstate-0.7.0.tar.gz
Algorithm Hash digest
SHA256 6544ee05b528ecc2885627c55f10e32b7dfe3e1b71a4ecffb000c455dae8dee4
MD5 1c9acf237421cd1086a51ca2746b8b22
BLAKE2b-256 81ab0909fc024e69e41ae6bbb08c651c9ad495f79b00390625886d7cd1a5aed6

See more details on using hashes here.

File details

Details for the file viewstate-0.7.0-py3-none-any.whl.

File metadata

  • Download URL: viewstate-0.7.0-py3-none-any.whl
  • Upload date:
  • Size: 7.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.6.14

File hashes

Hashes for viewstate-0.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3d46bddd7832f80f7e5852b0c65c26dcf81b90069cc836ec4cd881addeb07d49
MD5 978127cc26aced91a6507140b6161e60
BLAKE2b-256 488da172fb533625a40ad5d9183784d46077abd64b0e395683ac6e23d524be7b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page