ASP.NET View State Decoder

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: Yuval Adam

Requires: Python >=3.5.0

Maintainers

Avatar for yuvadm from gravatar.com yuvadm

Classifiers

Project description

A small Python 3.5+ library for decoding ASP.NET viewstate.

Viewstate is a method used in the ASP.NET framework to persist changes to a web form across postbacks. It is usually saved on a hidden form field:

<input type=<s>"hidden"</s> name=<s>"__VIEWSTATE"</s> id=<s>"__VIEWSTATE"</s> value=<s>"/wEP..."</s>>

Decoding the view state can be useful in penetration testing on ASP.NET applications, as well as revealing more information that can be used to efficiently scrape web pages.

https://github.com/yuvadm/viewstate/workflows/Build/badge.svg https://img.shields.io/pypi/v/viewstate

Install

$ pip install viewstate

Usage

The Viewstate decoder accepts Base64 encoded .NET viewstate data and returns the decoded output in the form of plain Python objects.

There are two main ways to use this package. First, it can be used as an imported library with the following typical use case:

>>> from viewstate import ViewState
>>> base64_encoded_viewstate = '/wEPBQVhYmNkZQ9nAgE='
>>> vs = ViewState(base64_encoded_viewstate)
>>> vs.decode()
('abcde', (True, 1))

It is also possible to feed the raw bytes directly:

>>> vs = ViewState(raw=b'\xff\x01....')

Alternatively, the library can be used via command line by directly executing the module:

$ cat data.base64 | python -m viewstate

Which will pretty-print the decoded data structure.

The command line usage can also accept raw bytes with the -r flag:

$ cat data.base64 | base64 -d | python -m viewstate -r

Viewstate HMAC signatures are also supported. In case there are any remaining bytes after parsing, they are assumed to be HMAC signatures, with the types estimated according to signature length.

>>> vs = ViewState(signed_view_state)
>>> vs.decode()
>>> vs.mac
'hmac_sha256'
>>> vs.signature
b'....'

Development

Development packages can be installed with pipenv. Unit tests and code formatting tasks can be run with the builtin scripts:

$ pipenv sync -d
$ pipenv run test
$ pipenv run format

For PyPI releases, follow the build, check and upload scripts.

$ pipenv run build
$ pipenv run check
$ pipenv run upload

Note that for uploading a new package version, a valid PyPI auth token should be defined in ~/.pypirc.

References

Since there is no publically available specification of how .NET viewstate is encoded, reverse engineering was based on prior work:

Any official documents would be gladly accepted to help improve the parsing logic.

License

MIT

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: Yuval Adam

Requires: Python >=3.5.0

Maintainers

Avatar for yuvadm from gravatar.com yuvadm

Classifiers


Release history Release notifications | RSS feed

This version

0.5.3

0.5.2

0.5.1

0.4.3

0.4.2

0.4.1

0.4.0

0.3.1

0.3.0

0.2.1

0.2.0

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

viewstate-0.5.3.tar.gz (8.4 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page