JavaScript ViewState Parser

I completed the first version of a JavaScript-based ViewState decoder.

The parser should work with most non-encrypted ViewStates. It doesn’t handle the serialization format used by .NET version 1 because that version is sorely outdated and therefore too unlikely to be encountered in any real situation.

I’m working on a version to decode encrypted ViewState. That version will require knowledge of the decryption key. (While creating a brute-forcer in JavaScript to guess the decryption key might be interesting from a development perspective, it’s utility is questionable and success improbable.)

The next step will be the ability to edit the ViewState contents and re-serialize it.

If you encounter any problems, feel free to ask questions or post troublesome ViewStates in the comments below.

%d bloggers like this: