Question:
I need to see the contents of the viewstate of an asp.net page. I looked for a viewstate decoder and found Fritz Onion's ViewState Decoder, but it asks for the URL of a page to get its viewstate. Since my viewstate is formed after a postback and comes as a result of an operation in an update panel, I cannot provide a URL. I need to copy & paste the viewstate string and see what's inside. Does a tool or a website exist that can help with viewing the contents of viewstate?
Answer 1:
Use Fiddler and grab the view state in the response and paste it into the bottom left text box then decode.
Answer 2:
Here's an online ViewState decoder:
http://ignatu.co.uk/ViewStateDecoder.aspx
Edit: Unfortunately, the above link is dead - here's another ViewState decoder (from the comments):
Answer 3:
Here is the source code for a ViewState visualizer from Scott Mitchell's article on ViewState (25 pages)
```csharp
using System;
using System.Collections;
using System.Text;
using System.IO;
using System.Web.UI;

namespace ViewStateArticle.ExtendedPageClasses
{
    /// <summary>
    /// Parses the view state, constructing a visually-accessible object graph.
    /// </summary>
    public class ViewStateParser
    {
        // private member variables
        private TextWriter tw;
        private string indentString = "   ";

        #region Constructor
        /// <summary>
        /// Creates a new ViewStateParser instance, specifying the TextWriter to emit the output to.
        /// </summary>
        public ViewStateParser(TextWriter writer)
        {
            tw = writer;
        }
        #endregion

        #region Methods
        #region ParseViewStateGraph Methods
        /// <summary>
        /// Emits a readable version of the view state to the TextWriter passed into the object's constructor.
        /// </summary>
        /// <param name="viewState">The view state object to start parsing at.</param>
        public virtual void ParseViewStateGraph(object viewState)
        {
            ParseViewStateGraph(viewState, 0, string.Empty);
        }

        /// <summary>
        /// Emits a readable version of the view state to the TextWriter passed into the object's constructor.
        /// </summary>
        /// <param name="viewStateAsString">A base-64 encoded representation of the view state to parse.</param>
        public virtual void ParseViewStateGraph(string viewStateAsString)
        {
            // First, deserialize the string into a Triplet.
            // LosFormatter.Deserialize rebuilds .NET objects from its input,
            // so only pass it view state that comes from a source you trust.
            LosFormatter los = new LosFormatter();
            object viewState = los.Deserialize(viewStateAsString);
            ParseViewStateGraph(viewState, 0, string.Empty);
        }

        /// <summary>
        /// Recursively parses the view state.
        /// </summary>
        /// <param name="node">The current view state node.</param>
        /// <param name="depth">The "depth" of the view state tree.</param>
        /// <param name="label">A label to display in the emitted output next to the current node.</param>
        protected virtual void ParseViewStateGraph(object node, int depth, string label)
        {
            tw.Write(System.Environment.NewLine);

            if (node == null)
            {
                tw.Write(String.Concat(Indent(depth), label, "NODE IS NULL"));
            }
            else if (node is Triplet)
            {
                tw.Write(String.Concat(Indent(depth), label, "TRIPLET"));
                ParseViewStateGraph(((Triplet) node).First, depth+1, "First: ");
                ParseViewStateGraph(((Triplet) node).Second, depth+1, "Second: ");
                ParseViewStateGraph(((Triplet) node).Third, depth+1, "Third: ");
            }
            else if (node is Pair)
            {
                tw.Write(String.Concat(Indent(depth), label, "PAIR"));
                ParseViewStateGraph(((Pair) node).First, depth+1, "First: ");
                ParseViewStateGraph(((Pair) node).Second, depth+1, "Second: ");
            }
            else if (node is ArrayList)
            {
                tw.Write(String.Concat(Indent(depth), label, "ARRAYLIST"));

                // display array values
                for (int i = 0; i < ((ArrayList) node).Count; i++)
                    ParseViewStateGraph(((ArrayList) node)[i], depth+1, String.Format("({0}) ", i));
            }
            else
            {
                // The rest of this method was lost when the page was extracted.
                // This fallback (a reconstruction) prints any other node as value and type.
                tw.Write(String.Concat(Indent(depth), label, node.ToString(), " (", node.GetType().ToString(), ")"));
            }
        }
        #endregion

        /// <summary>
        /// Returns a string containing the <see cref="IndentString"/> property value a specified number of times.
        /// </summary>
        /// <param name="depth">The number of times to repeat the <see cref="IndentString"/> property.</param>
        /// <returns>A string containing the <see cref="IndentString"/> property value a specified number of times.</returns>
        protected virtual string Indent(int depth)
        {
            StringBuilder sb = new StringBuilder(IndentString.Length * depth);
            for (int i = 0; i < depth; i++)
                sb.Append(IndentString);
            return sb.ToString();
        }
        #endregion

        #region Properties
        /// <summary>
        /// Specifies the indentation to use for each level when displaying the object graph.
        /// </summary>
        /// <value>A string value; the default is three blank spaces.</value>
        public string IndentString
        {
            get { return indentString; }
            set { indentString = value; }
        }
        #endregion
    }
}
```
And here's a simple page to read the viewstate from a textbox and graph it using the above code
```csharp
private void btnParse_Click(object sender, System.EventArgs e)
{
    // parse the viewState
    StringWriter writer = new StringWriter();
    ViewStateParser p = new ViewStateParser(writer);
    p.ParseViewStateGraph(txtViewState.Text);
    ltlViewState.Text = writer.ToString();
}
```
Answer 4:
As another person just mentioned, it's a base64 encoded string. In the past, I've used this website to decode it:
Answer 5:
Here's another decoder that works well as of 2014: http://viewstatedecoder.azurewebsites.net/
This worked on an input on which the Ignatu decoder failed with "The serialized data is invalid" (although it leaves the BinaryFormatter-serialized data undecoded, showing only its length).
Answer 6:
JavaScript-ViewState-Parser:
- http://mutantzombie.github.com/JavaScript-ViewState-Parser/
- https://github.com/mutantzombie/JavaScript-ViewState-Parser/
The parser should work with most non-encrypted ViewStates. It doesn’t handle the serialization format used by .NET version 1 because that version is sorely outdated and therefore too unlikely to be encountered in any real situation.
http://deadliestwebattacks.com/2011/05/29/javascript-viewstate-parser/
Parsing .NET ViewState
A Spirited Peek into ViewState, Part I:
http://deadliestwebattacks.com/2011/05/13/a-spirited-peek-into-viewstate-part-i/
A Spirited Peek into ViewState, Part II:
http://deadliestwebattacks.com/2011/05/25/a-spirited-peek-into-viewstate-part-ii/
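What the decoders in these answers do with an unencrypted ASP.NET 2.0+ ViewState, as an added Python example (not code from any answer or linked tool): it base64-decodes the string, checks the `0xFF 0x01` ObjectStateFormatter header, walks a subset of the token stream without instantiating any .NET objects, and returns the bytes that follow the graph (the MAC, when one is appended). The function name, the token subset covered and the sample bytes are choices made for this example.

```python
import base64

def parse_viewstate(b64):
    """Return (object_graph, trailing_bytes) for an unencrypted ASP.NET 2.0+ ViewState."""
    data = base64.b64decode(b64)
    if data[:2] != b"\xff\x01":            # ObjectStateFormatter format + version marker
        raise ValueError("no 0xFF01 header: encrypted, ASP.NET 1.x, or not ViewState")
    pos, strings = 2, []                   # strings: indexed-string table (tokens 30/31)

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated ViewState")
        pos += n
        return data[pos - n:pos]

    def varint():                          # 7-bit encoded integer (BinaryWriter style)
        result = shift = 0
        while True:
            b = take(1)[0]
            result |= (b & 0x7F) << shift
            shift += 7
            if not b & 0x80:
                return result

    def value():
        t = take(1)[0]
        if t in (15, 16):                  # Pair, Triplet
            return tuple(value() for _ in range(t - 13))
        if t == 22:                        # ArrayList: count, then items
            return [value() for _ in range(varint())]
        if t == 2:                         # Int32 (convert back to signed)
            n = varint()
            return n - (1 << 32) if n >= 1 << 31 else n
        if t in (5, 30):                   # String; token 30 also adds it to the table
            s = take(varint()).decode("utf-8")
            if t == 30:
                strings.append(s)
            return s
        if t == 31:                        # reference into the indexed-string table
            return strings[take(1)[0]]
        constants = {100: None, 101: "", 102: 0, 103: True, 104: False}
        if t in constants:
            return constants[t]
        raise ValueError(f"unsupported token {t} at offset {pos - 1}")
    return value(), data[pos:]

# Constructed sample: Pair("user", [42, True]) plus 20 filler bytes standing in for a MAC.
SAMPLE = base64.b64encode(b"\xff\x01\x0f\x05\x04user\x16\x02\x02\x2a\x67" + bytes(20)).decode()
```

A 20-byte trailer is the size of an HMAC-SHA1 tag and a 32-byte one of HMAC-SHA256; an empty trailer means the graph ended exactly at the end of the data.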
Answer 7:
You can ignore the URL field and simply paste the viewstate into the Viewstate string box.
It does look like you have an old version; the serialisation methods changed in ASP.NET 2.0, so grab the 2.0 version
Answer 8:
This is a somewhat "native" .NET way of converting ViewState from a string into a StateBag. Code is below:
```csharp
using System;
using System.Collections.Specialized;
using System.Reflection;
using System.Web.UI;

// Place this method inside any class. It reaches into non-public members of
// System.Web via reflection, so it depends on the framework's internals.
public static StateBag LoadViewState(string viewState)
{
    System.Web.UI.Page converterPage = new System.Web.UI.Page();
    HiddenFieldPageStatePersister persister = new HiddenFieldPageStatePersister(new Page());
    Type utilClass = typeof(System.Web.UI.BaseParser).Assembly.GetType("System.Web.UI.Util");
    if (utilClass != null && persister != null)
    {
        MethodInfo method = utilClass.GetMethod("DeserializeWithAssert", BindingFlags.NonPublic | BindingFlags.Static);
        if (method != null)
        {
            PropertyInfo formatterProperty = persister.GetType().GetProperty("StateFormatter", BindingFlags.NonPublic | BindingFlags.Instance);
            if (formatterProperty != null)
            {
                IStateFormatter formatter = (IStateFormatter)formatterProperty.GetValue(persister, null);
                if (formatter != null)
                {
                    FieldInfo pageField = formatter.GetType().GetField("_page", BindingFlags.NonPublic | BindingFlags.Instance);
                    if (pageField != null)
                    {
                        // Detach the formatter from its page before deserializing
                        pageField.SetValue(formatter, null);
                        try
                        {
                            Pair pair = (Pair)method.Invoke(null, new object[] { formatter, viewState });
                            if (pair != null)
                            {
                                MethodInfo loadViewState = converterPage.GetType().GetMethod("LoadViewStateRecursive", BindingFlags.Instance | BindingFlags.NonPublic);
                                if (loadViewState != null)
                                {
                                    FieldInfo postback = converterPage.GetType().GetField("_isCrossPagePostBack", BindingFlags.NonPublic | BindingFlags.Instance);
                                    if (postback != null)
                                    {
                                        postback.SetValue(converterPage, true);
                                    }
                                    FieldInfo namevalue = converterPage.GetType().GetField("_requestValueCollection", BindingFlags.NonPublic | BindingFlags.Instance);
                                    if (namevalue != null)
                                    {
                                        namevalue.SetValue(converterPage, new NameValueCollection());
                                    }
                                    loadViewState.Invoke(converterPage, new object[] { ((Pair)((Pair)pair.First).Second) });
                                    FieldInfo viewStateField = typeof(Control).GetField("_viewState", BindingFlags.NonPublic | BindingFlags.Instance);
                                    if (viewStateField != null)
                                    {
                                        return (StateBag)viewStateField.GetValue(converterPage);
                                    }
                                }
                            }
                        }
                        catch (Exception ex)
                        {
                            // Exceptions are swallowed; the method then returns null
                            if (ex != null)
                            {
                            }
                        }
                    }
                }
            }
        }
    }
    return null;
}
```
Answer 9:
Online Viewstate Viewer made by Lachlan Keown:
http://lachlankeown.blogspot.com/2008/05/online-viewstate-viewer-decoder.html
Answer 10:
Normally, ViewState should be decryptable if you have the machine-key, right? After all, ASP.net needs to decrypt it, and that is certainly not a black box.