How to decode viewstate

Ser*_*gel 56 asp.net viewstate

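I need to see the contents of the viewstate of an asp.net page. I looked for a viewstate decoder and found Fridz Onion's ViewState Decoder, but it asks for the url of a page to get its viewstate. Since my viewstate is formed after a postback and comes as a result of an operation in an update panel, I cannot provide a url. I need to copy and paste the viewstate string and see what's inside. Is there a tool or a website that can help view the contents of viewstate?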

Jam*_*mes 40

Here's an online ViewState decoder:

http://ignatu.co.uk/ViewStateDecoder.aspx

Edit: Unfortunately, the above link is dead - here's another ViewState decoder (from the comments):

http://viewstatedecoder.azurewebsites.net/

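  • `Format marker: C9`, `Unknown format marker, exiting!` (9 upvotes)
  • @james it's a 404 now (4 upvotes)
  • If this tells you that the serialized data is invalid, try http://viewstatedecoder.azurewebsites.net/: it handles the content that this decoder errors on. (3 upvotes)
  • http://viewstatedecoder.azurewebsites.net/ gives me a server error (2 upvotes)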

Dar*_*opp 37

Use Fiddler, grab the view state in the response, paste it into the bottom left text box, then decode.

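  • For those using the current version of Fiddler (2.5.1), the text box described in this answer can now be found by clicking the TextWizard option in the top menu (*or* Tools > TextWizard *or* Ctrl+E). Paste the ViewState into the top box and change the Transform to "From Base64". (13 upvotes)
  • If you don't want to install Fiddler, you can also use the HttpFox add-on for Firefox: https://addons.mozilla.org/en-US/firefox/addon/6647 (7 upvotes)
  • I'm guessing something has changed - the text box at the bottom left is some kind of command prompt, and pasting in the viewstate does nothing useful. I can't see where it's gone - is it still in the current version? (7 upvotes)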

Sam*_*eer 13

Here is the source code for the ViewState visualizer from Scott Mitchell's article on ViewState (25 pages)

using System;
using System.Collections;
using System.Text;
using System.IO;
using System.Web.UI;


namespace ViewStateArticle.ExtendedPageClasses
{
    /// <summary>
    /// Parses the view state, constructing a visually-accessible object graph.
    /// </summary>
    public class ViewStateParser
    {
        // private member variables
        private TextWriter tw;
        private string indentString = "   ";

        #region Constructor
        /// <summary>
        /// Creates a new ViewStateParser instance, specifying the TextWriter to emit the output to.
        /// </summary>
        public ViewStateParser(TextWriter writer)
        {
            tw = writer;
        }
        #endregion

        #region Methods
        #region ParseViewStateGraph Methods
        /// <summary>
        /// Emits a readable version of the view state to the TextWriter passed into the object's constructor.
        /// </summary>
        /// <param name="viewState">The view state object to start parsing at.</param>
        public virtual void ParseViewStateGraph(object viewState)
        {
            ParseViewStateGraph(viewState, 0, string.Empty);    
        }

        /// <summary>
        /// Emits a readable version of the view state to the TextWriter passed into the object's constructor.
        /// </summary>
        /// <param name="viewStateAsString">A base-64 encoded representation of the view state to parse.</param>
        public virtual void ParseViewStateGraph(string viewStateAsString)
        {
            // First, deserialize the string into a Triplet
            LosFormatter los = new LosFormatter();
            object viewState = los.Deserialize(viewStateAsString);

            ParseViewStateGraph(viewState, 0, string.Empty);    
        }

        /// <summary>
        /// Recursively parses the view state.
        /// </summary>
        /// <param name="node">The current view state node.</param>
        /// <param name="depth">The "depth" of the view state tree.</param>
        /// <param name="label">A label to display in the emitted output next to the current node.</param>
        protected virtual void ParseViewStateGraph(object node, int depth, string label)
        {
            tw.Write(System.Environment.NewLine);

            if (node == null)
            {
                tw.Write(String.Concat(Indent(depth), label, "NODE IS NULL"));
            } 
            else if (node is Triplet)
            {
                tw.Write(String.Concat(Indent(depth), label, "TRIPLET"));
                ParseViewStateGraph(((Triplet) node).First, depth+1, "First: ");
                ParseViewStateGraph(((Triplet) node).Second, depth+1, "Second: ");
                ParseViewStateGraph(((Triplet) node).Third, depth+1, "Third: ");
            }
            else if (node is Pair)
            {
                tw.Write(String.Concat(Indent(depth), label, "PAIR"));
                ParseViewStateGraph(((Pair) node).First, depth+1, "First: ");
                ParseViewStateGraph(((Pair) node).Second, depth+1, "Second: ");
            }
            else if (node is ArrayList)
            {
                tw.Write(String.Concat(Indent(depth), label, "ARRAYLIST"));

                // display array values
                for (int i = 0; i < ((ArrayList) node).Count; i++)
                    ParseViewStateGraph(((ArrayList) node)[i], depth+1, String.Format("({0}) ", i));
            }
            else if (node.GetType().IsArray)
            {
                tw.Write(String.Concat(Indent(depth), label, "ARRAY "));
                tw.Write(String.Concat("(", node.GetType().ToString(), ")"));
                IEnumerator e = ((Array) node).GetEnumerator();
                int count = 0;
                while (e.MoveNext())
                    ParseViewStateGraph(e.Current, depth+1, String.Format("({0}) ", count++));
            }
            else if (node.GetType().IsPrimitive || node is string)
            {
                tw.Write(String.Concat(Indent(depth), label));
                tw.Write(node.ToString() + " (" + node.GetType().ToString() + ")");
            }
            else
            {
                tw.Write(String.Concat(Indent(depth), label, "OTHER - "));
                tw.Write(node.GetType().ToString());
            }
        }
        #endregion

        /// <summary>
        /// Returns a string containing the <see cref="IndentString"/> property value a specified number of times.
        /// </summary>
        /// <param name="depth">The number of times to repeat the <see cref="IndentString"/> property.</param>
        /// <returns>A string containing the <see cref="IndentString"/> property value a specified number of times.</returns>
        protected virtual string Indent(int depth)
        {
            StringBuilder sb = new StringBuilder(IndentString.Length * depth);
            for (int i = 0; i < depth; i++)
                sb.Append(IndentString);

            return sb.ToString();
        }
        #endregion

        #region Properties
        /// <summary>
        /// Specifies the indentation to use for each level when displaying the object graph.
        /// </summary>
        /// <value>A string value; the default is three blank spaces.</value>
        public string IndentString
        {
            get
            {
                return indentString;
            }
            set
            {
                indentString = value;
            }
        }
        #endregion
    }
}

And here's a simple page to read the view state from a textbox and graph it using the above code

private void btnParse_Click(object sender, System.EventArgs e)
{
    // parse the viewState
    StringWriter writer = new StringWriter();
    ViewStateParser p = new ViewStateParser(writer);

    p.ParseViewStateGraph(txtViewState.Text);
    ltlViewState.Text = writer.ToString();
}


Jos*_*man 7

As another person just mentioned, it's a base64 encoded string. In the past, I've used this website to decode it:

http://www.motobit.com/util/base64-decoder-encoder.asp

  • It's a base64-encoded serialized object, so the decoded data is not particularly useful. It's better to use a proper view state decoder. (5 upvotes)

Rom*_*kov 6

Here's another decoder that works well as of 2014: http://viewstatedecoder.azurewebsites.net/

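This worked on an input for which the Ignatu decoder failed with "The serialized data is invalid" (although it leaves the BinaryFormatter-serialized data undecoded, showing only its length).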


XP1*_*XP1 5

JavaScript-ViewState-Parser:

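The parser should work with most unencrypted ViewStates. It doesn't handle the serialization format used by .NET version 1, because that version is very outdated and therefore unlikely to be encountered in any real situation.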

http://deadliestwebattacks.com/2011/05/29/javascript-viewstate-parser/


Parsing .NET ViewState
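
An added example, not code from any of the posts above or from the linked parser: a Node.js sketch that takes a pasted ViewState string, checks for the `FF 01` header of the unencrypted .NET 2.0+ format (anything else is reported as an unknown format marker, as in the `C9` comment above), and walks a subset of tokens without deserializing anything. BinaryFormatter blobs are reported by length only. The function name and sample bytes are constructed for illustration, and the token values are the ObjectStateFormatter subset handled here.

```javascript
// Added example: structural walk of an unencrypted .NET 2.0+ ViewState (subset of tokens).
function parseViewState(b64) {
  const buf = Buffer.from(b64, "base64");
  if (buf.length < 2 || buf[0] !== 0xff || buf[1] !== 0x01) {
    // Encrypted or .NET 1.x payloads do not begin with the FF 01 header.
    const m = buf.length ? buf[0].toString(16).toUpperCase().padStart(2, "0") : "none";
    return { ok: false, reason: "unknown format marker " + m };
  }
  let pos = 2;
  const CONST = { 0x64: null, 0x65: "", 0x66: 0, 0x67: true, 0x68: false }; // single-byte values
  const need = (n) => { if (pos + n > buf.length) throw new RangeError("truncated at offset " + pos); };
  const byte = () => { need(1); return buf[pos++]; };
  const varint = () => { // 7-bit encoded integer, low group first (read as unsigned)
    let v = 0, shift = 0, b;
    do { b = byte(); v += (b & 0x7f) * 2 ** shift; shift += 7; } while ((b & 0x80) && shift < 35);
    return v;
  };
  const str = () => { const n = varint(); need(n); pos += n; return buf.toString("utf8", pos - n, pos); };
  const node = (d) => {
    if (d > 64) throw new RangeError("nesting too deep");
    const t = byte();
    if (t in CONST) return CONST[t];
    switch (t) {
      case 0x02: return varint();                     // Int32
      case 0x03: return byte();                       // Byte
      case 0x05: case 0x1e: return str();             // String / indexed string (add)
      case 0x1f: return { indexedString: byte() };    // reference to an earlier string
      case 0x0f: return { pair: [node(d + 1), node(d + 1)] };
      case 0x10: return { triplet: [node(d + 1), node(d + 1), node(d + 1)] };
      case 0x16: {                                    // ArrayList: count, then items
        const n = varint(), items = [];
        for (let i = 0; i < n; i++) items.push(node(d + 1));
        return { arrayList: items };
      }
      case 0x32: {                                    // BinaryFormatter blob: length only
        const n = varint(); need(n); pos += n;
        return { binarySerialized: n };
      }
      default: throw new RangeError("unsupported token 0x" + t.toString(16) + " at offset " + (pos - 1));
    }
  };
  try {
    const graph = node(0);
    return { ok: true, graph, trailingBytes: buf.length - pos }; // leftover bytes: usually the MAC
  } catch (e) { return { ok: false, reason: e.message }; }
}
// Constructed sample: Pair("hi", ArrayList[true, 42]) plus 20 filler bytes standing in for a MAC.
const SAMPLE = Buffer.concat([Buffer.from([0xff, 1, 0x0f, 5, 2, 0x68, 0x69, 0x16, 2, 0x67, 2, 0x2a]),
  Buffer.alloc(20, 0xaa)]).toString("base64");
```

Calling `parseViewState(SAMPLE)` returns the graph plus `trailingBytes: 20`; a payload with an unexpected first byte comes back as `ok: false` with the marker in `reason`.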