Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/allfro/dotNetBeautifier
A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE).
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/allfro/dotNetBeautifier
- Owner: allfro
- Created: 2014-03-11T17:08:56.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2015-06-29T23:22:14.000Z (over 9 years ago)
- Last Synced: 2024-08-02T00:22:58.802Z (6 months ago)
- Language: Java
- Size: 144 KB
- Stars: 12
- Watchers: 5
- Forks: 14
- Open Issues: 1
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-burp-extensions - .NET Beautifier - A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE). (Beautifiers and Decoders)
README
About
-----

Have you ever pen-tested a .NET app and found that it has all sorts of ugly parameter names
(i.e. ctl0$blah$foo$VeryLongLine)? Sometimes these parameters can be pages long (i.e. __VIEWSTATE). Have you felt
like tearing your hair out because you can't even read the whole parameter name and see what its corresponding value
is on your small screen at a client site? Don't you wish you could only focus on the meat of the request?

Well cry no more! This tool is about bringing awesome back to pen-testing .NET apps. It makes requests like this:

```
POST /Default.aspx HTTP/1.1
Host: annoying-web-app
Referer: https://annoying-web-app/Default.aspx
Cookie: ASP.NET_SessionId=zprxqvwll4yoi0gbeactgzdd
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1903

__VIEWSTATE=%2oiAIHfiohsdoigjKLASgjghajklgjSDGsjdglSDJg9SDJGsdgjSGJDDSasdfja9sdjfasdfja0sdfjasd53j5235923nf9ja9fsdjfajsD
... [1000 lines later] ...
&ctl00%24ctl00%24InnerContentPlaceHolder%24Element_42%24ctl00%24FrmLogin%24TxtUsername_internal=username&ctl00%24ctl00%2
4InnerContentPlaceHolder%24Element_42%24ctl00%24FrmLogin%24TxtPassword_internal=password&ctl00%24ctl00%24InnerContentPla
ceHolder%24Element_42%24ctl00%24BtnLogin=Login
```

Look like this:

```
POST /Default.aspx HTTP/1.1
Host: annoying-web-app
Referer: https://annoying-web-app/Default.aspx
Cookie: ASP.NET_SessionId=zprxqvwll4yoi0gbeactgzdd
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1903
X-dotNet-Beautifier: 259; DO-NOT-REMOVE

__VIEWSTATE=&TxtUsername_internal=username&TxtPassword_internal=password&BtnLogin=Login
```

All **without** compromising the integrity of the outgoing message so you can alter the values of the parameters you
want to target *without losing your mind*! Better yet, you can send "beautified" messages to other tools within Burp and
the outgoing messages will get automatically transformed back into what the web app expects from us.

**WAWAWEWA!**

Requirements
------------

You'll need the following to get started:

- the latest version of BurpSuite (version 1.6 or later).
- a positive attitude!

Help!
-----

This is still a work in progress so there may be a few bugs I haven't hammered out.