How to decode viewstate

Question

How to decode viewstate

I need to see the contents of the viewstate of an asp.net page. I searched for the viewstate decoder, found the Friedz Lun ViewState Decoder , but it requests the URL of the page to get its viewstate. Since my viewstate is formed after the postback and appears as a result of the operation in the update panel, I cannot provide the URL. I need to copy and paste the viewstate line and see what's inside. Is there any tool or website that can help view viewstate content?

+53

asp.net viewstate

Serhat Ozgel Aug 22 '08 at 16:38

source share

10 answers

Here's the online viewstate decoder:

~~http://ignatu.co.uk/ViewStateDecoder.aspx~~

Edit: Unfortunately, the link above is dead - here is another ViewState decoder (from comments):

http://viewstatedecoder.azurewebsites.net/

+38

James 07 Feb 2018-11-11T00:

source share

Here is the source code for the ViewState visualizer from Scott Mitchell's article on ViewState (25 pages)

using System; using System.Collections; using System.Text; using System.IO; using System.Web.UI; namespace ViewStateArticle.ExtendedPageClasses { /// <summary> /// Parses the view state, constructing a viaully-accessible object graph. /// </summary> public class ViewStateParser { // private member variables private TextWriter tw; private string indentString = " "; #region Constructor /// <summary> /// Creates a new ViewStateParser instance, specifying the TextWriter to emit the output to. /// </summary> public ViewStateParser(TextWriter writer) { tw = writer; } #endregion #region Methods #region ParseViewStateGraph Methods /// <summary> /// Emits a readable version of the view state to the TextWriter passed into the object constructor. /// </summary> /// <param name="viewState">The view state object to start parsing at.</param> public virtual void ParseViewStateGraph(object viewState) { ParseViewStateGraph(viewState, 0, string.Empty); } /// <summary> /// Emits a readable version of the view state to the TextWriter passed into the object constructor. /// </summary> /// <param name="viewStateAsString">A base-64 encoded representation of the view state to parse.</param> public virtual void ParseViewStateGraph(string viewStateAsString) { // First, deserialize the string into a Triplet LosFormatter los = new LosFormatter(); object viewState = los.Deserialize(viewStateAsString); ParseViewStateGraph(viewState, 0, string.Empty); } /// <summary> /// Recursively parses the view state. /// </summary> /// <param name="node">The current view state node.</param> /// <param name="depth">The "depth" of the view state tree.</param> /// <param name="label">A label to display in the emitted output next to the current node.</param> protected virtual void ParseViewStateGraph(object node, int depth, string label) { tw.Write(System.Environment.NewLine); if (node == null) { tw.Write(String.Concat(Indent(depth), label, "NODE IS NULL")); } else if (node is Triplet) { tw.Write(String.Concat(Indent(depth), label, "TRIPLET")); ParseViewStateGraph(((Triplet) node).First, depth+1, "First: "); ParseViewStateGraph(((Triplet) node).Second, depth+1, "Second: "); ParseViewStateGraph(((Triplet) node).Third, depth+1, "Third: "); } else if (node is Pair) { tw.Write(String.Concat(Indent(depth), label, "PAIR")); ParseViewStateGraph(((Pair) node).First, depth+1, "First: "); ParseViewStateGraph(((Pair) node).Second, depth+1, "Second: "); } else if (node is ArrayList) { tw.Write(String.Concat(Indent(depth), label, "ARRAYLIST")); // display array values for (int i = 0; i < ((ArrayList) node).Count; i++) ParseViewStateGraph(((ArrayList) node)[i], depth+1, String.Format("({0}) ", i)); } else if (node.GetType().IsArray) { tw.Write(String.Concat(Indent(depth), label, "ARRAY ")); tw.Write(String.Concat("(", node.GetType().ToString(), ")")); IEnumerator e = ((Array) node).GetEnumerator(); int count = 0; while (e.MoveNext()) ParseViewStateGraph(e.Current, depth+1, String.Format("({0}) ", count++)); } else if (node.GetType().IsPrimitive || node is string) { tw.Write(String.Concat(Indent(depth), label)); tw.Write(node.ToString() + " (" + node.GetType().ToString() + ")"); } else { tw.Write(String.Concat(Indent(depth), label, "OTHER - ")); tw.Write(node.GetType().ToString()); } } #endregion /// <summary> /// Returns a string containing the <see cref="IndentString"/> property value a specified number of times. /// </summary> /// <param name="depth">The number of times to repeat the <see cref="IndentString"/> property.</param> /// <returns>A string containing the <see cref="IndentString"/> property value a specified number of times.</returns> protected virtual string Indent(int depth) { StringBuilder sb = new StringBuilder(IndentString.Length * depth); for (int i = 0; i < depth; i++) sb.Append(IndentString); return sb.ToString(); } #endregion #region Properties /// <summary> /// Specifies the indentation to use for each level when displaying the object graph. /// </summary> /// <value>A string value; the default is three blank spaces.</value> public string IndentString { get { return indentString; } set { indentString = value; } } #endregion } }

And here is a simple page to read the viewstate from a text box and draw it using the code above

 private void btnParse_Click(object sender, System.EventArgs e) { // parse the viewState StringWriter writer = new StringWriter(); ViewStateParser p = new ViewStateParser(writer); p.ParseViewStateGraph(txtViewState.Text); ltlViewState.Text = writer.ToString(); }

+13

Sameer May 15 '12 at 16:26

source share

As already mentioned, this is a base64 encoded string. I used to use this site to decode it:

http://www.motobit.com/util/base64-decoder-encoder.asp

+7

Josh Hinman Aug 22 '08 at 16:49

source share

Here is another decoder that has been working well since 2014: http://viewstatedecoder.azurewebsites.net/

This worked on the input, on which the Ignatu decoder failed with the error: "Serialized data is invalid" (although it leaves the uncoded BinaryFormatter data serialized, showing only its length).

+5

Roman Starkov Jul 16 '14 at 23:21

source share

JavaScript-ViewState-Parser:

The parser should work with most unencrypted ViewStates. This does not handle the serialization format used by .NET version 1 because the version is very outdated and therefore too unlikely to be found in any real situation.

http://deadliestwebattacks.com/2011/05/29/javascript-viewstate-parser/

Parsing a .NET ViewState

A glimpse into the ViewState, Part I:
http://deadliestwebattacks.com/2011/05/13/a-spirited-peek-into-viewstate-part-i/
A glimpse into ViewState, part II:
http://deadliestwebattacks.com/2011/05/25/a-spirited-peek-into-viewstate-part-ii/

+4

XP1 Mar 10 '13 at 18:07

source share

You can ignore the URL field and just embed the viewstate in the string line of the ViewState.

You seem to have an old version; serialization methods changed in ASP.NET 2.0, so take version 2.0

+2

blowdart Aug 22 '08 at 16:50

source share

This is a somewhat “native” way of converting ViewState from string to StateBag code below:

 public static StateBag LoadViewState(string viewState) { System.Web.UI.Page converterPage = new System.Web.UI.Page(); HiddenFieldPageStatePersister persister = new HiddenFieldPageStatePersister(new Page()); Type utilClass = typeof(System.Web.UI.BaseParser).Assembly.GetType("System.Web.UI.Util"); if (utilClass != null && persister != null) { MethodInfo method = utilClass.GetMethod("DeserializeWithAssert", BindingFlags.NonPublic | BindingFlags.Static); if (method != null) { PropertyInfo formatterProperty = persister.GetType().GetProperty("StateFormatter", BindingFlags.NonPublic | BindingFlags.Instance); if (formatterProperty != null) { IStateFormatter formatter = (IStateFormatter)formatterProperty.GetValue(persister, null); if (formatter != null) { FieldInfo pageField = formatter.GetType().GetField("_page", BindingFlags.NonPublic | BindingFlags.Instance); if (pageField != null) { pageField.SetValue(formatter, null); try { Pair pair = (Pair)method.Invoke(null, new object[] { formatter, viewState }); if (pair != null) { MethodInfo loadViewState = converterPage.GetType().GetMethod("LoadViewStateRecursive", BindingFlags.Instance | BindingFlags.NonPublic); if (loadViewState != null) { FieldInfo postback = converterPage.GetType().GetField("_isCrossPagePostBack", BindingFlags.NonPublic | BindingFlags.Instance); if (postback != null) { postback.SetValue(converterPage, true); } FieldInfo namevalue = converterPage.GetType().GetField("_requestValueCollection", BindingFlags.NonPublic | BindingFlags.Instance); if (namevalue != null) { namevalue.SetValue(converterPage, new NameValueCollection()); } loadViewState.Invoke(converterPage, new object[] { ((Pair)((Pair)pair.First).Second) }); FieldInfo viewStateField = typeof(Control).GetField("_viewState", BindingFlags.NonPublic | BindingFlags.Instance); if (viewStateField != null) { return (StateBag)viewStateField.GetValue(converterPage); } } } } catch (Exception ex) { if (ex != null) { } } } } } } } return null; }

+2

Basil Jun 28 '13 at 18:05

source share

Live View by Laclan Keun:

http://lachlankeown.blogspot.com/2008/05/online-viewstate-viewer-decoder.html

+1

XP1 Mar 10 '13 at 18:16

source share

Normally, ViewState should be decryptable if you have a machine key, right? After all, ASP.net needs to decrypt it, and it is certainly not a black box.

0

Michael Stum Aug 22 '08 at 17:15

source share

Darren Kopp · Accepted Answer · 2008-08-22 16:40

Use Fiddler and capture the state of the view in the response and paste it into the lower left text box, and then decode.

How to decode viewstate

More articles: