Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


VIEWSTATE module and decoder was copied from and all kudos go to yuvadm.

I just wrote a small tool to easily decode ASP.NET __VIEWSTATE variables without having to install the viewstate module into the system with administrative privileges and be able to decode the variables with a small script using a terminal, without writting python code.

Sometimes when doing webpentesting against a ASP web application is useful a tool like this.


** ASP.NET __VIEWSTATE decoder **

[*] Decoding __VIEWSTATE:
(('1591068609', None), None)


To protect against this attacks turn EnableViewStateMac property to True in the machine.config file. To encrypt turn property validation to 3DES.


Use at your own risk in an environment that you are allowed to attack.

~ (c) spinfoo