Skip to content

whwlsfb/ViewState-Cracker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_zh-CN.md
README_zh-CN.md
 
 
machineKeys.txt
machineKeys.txt
 
 
pom.xml
pom.xml
 
 

Repository files navigation

ViewState-Cracker

A BurpSuite extension for passive scanning and brute-forcing ASP.NET ViewState keys.

English | 简体中文

Download

Precompiled package: Releases

Compilation

Requires Maven and JDK 17.

$ mvn package

Usage

Download machineKeys.txt and place it in the same directory as the plugin JAR. Then, install the plugin in BurpSuite (recommended version 2024.10 or later) to enable it.

The plugin will automatically extract ViewState-related data from request and response traffic. When it detects an unsigned ViewState or successfully brute-forces a key, it will automatically generate a BurpSuite issue entry.

No requests will be generated during the scanning and brute-forcing process.

Acknowledgments

Partial code and inspiration for this plugin are derived from the following projects:

The MachineKey dictionary is sourced from:

About

ASP.net ViewState密钥被动扫描爆破BurpSuite插件

Topics

crack burpsuite viewstate burpsuite-extension

Resources

Readme

License

Apache-2.0 license
Activity

Stars

220 stars

Watchers

1 watching

Forks

7 forks
Report repository

Releases 3

1.2-SNAPSHOT Latest
Aug 19, 2025
+ 2 releases

Packages

 
 
 

Contributors

Languages