How to decode viewstate
I need to see the contents of the viewstate of an asp.net page. I looked for a viewstate decoder, found Fridz Onion\'s ViewState Decoder but it asks for the url of a page to
-
This is somewhat "native" .NET way of converting ViewState from string into StateBag Code is below:
public static StateBag LoadViewState(string viewState) { System.Web.UI.Page converterPage = new System.Web.UI.Page(); HiddenFieldPageStatePersister persister = new HiddenFieldPageStatePersister(new Page()); Type utilClass = typeof(System.Web.UI.BaseParser).Assembly.GetType("System.Web.UI.Util"); if (utilClass != null && persister != null) { MethodInfo method = utilClass.GetMethod("DeserializeWithAssert", BindingFlags.NonPublic | BindingFlags.Static); if (method != null) { PropertyInfo formatterProperty = persister.GetType().GetProperty("StateFormatter", BindingFlags.NonPublic | BindingFlags.Instance); if (formatterProperty != null) { IStateFormatter formatter = (IStateFormatter)formatterProperty.GetValue(persister, null); if (formatter != null) { FieldInfo pageField = formatter.GetType().GetField("_page", BindingFlags.NonPublic | BindingFlags.Instance); if (pageField != null) { pageField.SetValue(formatter, null); try { Pair pair = (Pair)method.Invoke(null, new object[] { formatter, viewState }); if (pair != null) { MethodInfo loadViewState = converterPage.GetType().GetMethod("LoadViewStateRecursive", BindingFlags.Instance | BindingFlags.NonPublic); if (loadViewState != null) { FieldInfo postback = converterPage.GetType().GetField("_isCrossPagePostBack", BindingFlags.NonPublic | BindingFlags.Instance); if (postback != null) { postback.SetValue(converterPage, true); } FieldInfo namevalue = converterPage.GetType().GetField("_requestValueCollection", BindingFlags.NonPublic | BindingFlags.Instance); if (namevalue != null) { namevalue.SetValue(converterPage, new NameValueCollection()); } loadViewState.Invoke(converterPage, new object[] { ((Pair)((Pair)pair.First).Second) }); FieldInfo viewStateField = typeof(Control).GetField("_viewState", BindingFlags.NonPublic | BindingFlags.Instance); if (viewStateField != null) { return (StateBag)viewStateField.GetValue(converterPage); } } } } catch (Exception ex) { if (ex != null) { } } } } } } } return null; }讨论(0) -
As another person just mentioned, it's a base64 encoded string. In the past, I've used this website to decode it:
http://www.motobit.com/util/base64-decoder-encoder.asp
讨论(0) -
Use Fiddler and grab the view state in the response and paste it into the bottom left text box then decode.
讨论(0) -
Normally, ViewState should be decryptable if you have the machine-key, right? After all, ASP.net needs to decrypt it, and that is certainly not a black box.
讨论(0) -
Here's an online ViewState decoder:
http://ignatu.co.uk/ViewStateDecoder.aspxEdit: Unfortunatey, the above link is dead - here's another ViewState decoder (from the comments):
http://viewstatedecoder.azurewebsites.net/
讨论(0)
加载中...
- 热议问题