是否有可能进行解密，并查看ViewState的价值观？ [英] Is it possible to decrypt and view ViewState values?

问题描述

我知道有工具，有将让你看到asp.net视图状态的内容。它是可以看到，如果它是通过添加加密的ViewState修改的内容＆LT;的machineKey ... /＆GT; 节点到web.config

I know there are tools out there that will let you see the content of asp.net viewstate. Is it possible to see and modify the content of viewState if it has been encrypted by adding the <machineKey ... /> node to the web.config?

推荐答案

当然。 ViewState的仅仅是的base64 连接codeD（除非你指定它应该被加密）。下面是别人的链接，写了一个 ViewState的观众。下面是另一个由弗里茨洋葱。你可能不能够直接修改的ViewState （即code之外），因为ASP.NET已经到位，特别确保没有检查已与篡改的ViewState 。请参阅 EnableViewStateMAC 设置更多。

Sure. ViewState is simply base64 encoded (unless you specify that it should be encrypted). Here's a link to someone that wrote a ViewState viewer. Here's another by Fritz Onion. You probably will not be able to directly modify the ViewState (i.e. outside of code) because ASP.NET has checks in place to specifically ensure that nothing has tampered with the ViewState. See the EnableViewStateMAC setting for more.

更新

由于死链接，链接到不同的观众都不再有效。然而，对于视图状态查看器的简单搜索可以找到其他人在互联网上，如 ASP.NET的ViewState观众

Thanks to link rot, the links to the various viewers are no longer valid. However, a simple search for "viewstate viewer" can find others on the Internet such as ASP.NET ViewState viewer

这篇关于是否有可能进行解密，并查看ViewState的价值观？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！