JavaScript ViewState Parser

I completed the first version of a JavaScript-based ViewState decoder.

The parser should work with most non-encrypted ViewStates. It doesn’t handle the serialization format used by .NET version 1 because that version is sorely outdated and therefore too unlikely to be encountered in any real situation.

I’m working on a version to decode encrypted ViewState. That version will require knowledge of the decryption key. (While creating a brute-forcer in JavaScript to guess the decryption key might be interesting from a development perspective, it’s utility is questionable and success improbable.)

The next step will be the ability to edit the ViewState contents and re-serialize it.

If you encounter any problems, feel free to ask questions or post troublesome ViewStates in the comments below.

2 thoughts on “JavaScript ViewState Parser”

  1. Hello,There's a typo in the code that prevented me from running the code on Firefox 6, IE 9, Chrome 13.the code snippet:new Uint8Array(ArrayBuffer(this.m_raw.length));should be:new Uint8Array(new ArrayBuffer(this.m_raw.length));

Comments are closed.