gchq / cyberchef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Home Page: https://gchq.github.io/CyberChef
License: Apache License 2.0
Great tool.
Any chance you could add event and time based one time password generation
The html_inline task in Grunt needs to be updated as the download image filename has changed and the pattern no longer matches.
Releasing CyberChef is an incredible act of generosity! Thank you so much!
Sometime between November 28 when it worked on an iPad and now, the web app stopped working. In particular, the operations tab no longer appears and the layout of the input/output areas is below the Bake button. Nor do links at the top right function. I suspect a JavaScript error is interrupting the page load but the debugging environment on iOS is not conducive to seeing what is going on.
firefox 48.0.2.
About/Support dialog > FAQs tab:
the anchors on the current 3 faqs for some reason do not create the usual cursor (pointer). not sure why. the blockquote??
possible fixes (not all checked):
other...
html (starting line 301): https://github.com/gchq/CyberChef/blob/master/src/html/index.html
Thank you for great tool!
It will be nice to see algorithms from ISO14443 and ISO13239 contactless smartcards standards.
0x6363 or 0xC6C6 in reversed bit order.
0x1021 and no final XOR.
I've made my own calculator for example https://hub.zhovner.com/tools/nfc/
I'm trying something very simple and I can't figure out if the flaw is on me or on them.
Take a base64 encoded payload as Input: "AAAAI9Dw0qHYq9+61/XPtJS20bTAn+yV5o/hh+jK8J7rh+vLtpbr". I use the "From Base64" module.
The result is differential XOR crypt. The seed is 171. I select the XOR module and use 171 as the key. Then I pick "differential" option. Doesn't work.
Recipe:
[{"op":"From Base64","args":["A-Za-z0-9+/=",false]},
{"op":"Drop bytes","args":["0","4",false]},
{"op":"XOR","args":[{"option":"Hex","string":"AB"},false,true]}]
Am I missing something? This is a very simple example.
The simple python code that decodes it is this:
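import base64
import struct

def decrypt(string):
    # Each ciphertext byte becomes the key for the next byte; the seed is 171
    key = 171
    result = ""
    for i in string:
        a = key ^ i
        key = i
        result += chr(a)
    return result

string = "AAAAKtDygfiL/5r31e+UtsWg1Iv5nPCR6LfEsNGlwOLYo4HyhueT9tTu36Lfog=="
raw = base64.b64decode(string)
# The first 4 decoded bytes are a big-endian length header; the payload follows
result = decrypt(raw[4:])
print("decoded: ", result)
print("Length: ", struct.unpack(">I", raw[0:4]))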
Can we have a tag or a release please?
As a packager, without a tag or release, it is difficult to create reproducible builds without this.
Request summary
Development of an operation to calculate MD6 hashes. CyberChef already supports MD5 hashing thanks to CryptoJS (example and code).
Arguments
Example input and output
Digest length == 128
Input: Test
Output: bc7e7a90c6610310a6c386ba0482c889
Digest length == 256
Input: Test
Output: 2543e1c393d880e4564fed11f15d03ade6c5ccb9dbbd45ff1808010cbd82bdd2
Digest length == 512
Input: Test
Output: 702fd91632a6df15bb5041eb2ea031f7b931564eeb5324e92250bf2f4a8cb5eb7f40a607341b1ede16c880040bd04ab828f9aa81b5da3967111cdcdafd390839
Resources
https://en.wikipedia.org/wiki/MD6
http://groups.csail.mit.edu/cis/md6/submitted-2008-10-27/Supporting_Documentation/md6_report.pdf
http://groups.csail.mit.edu/cis/md6/ - An implementation in C can be found in the Downloads section
https://github.com/Snack-X/md6 - Includes a JavaScript implementation (which will need to be checked for correctness)
Currently all your libs are manually specified:
https://github.com/gchq/CyberChef/blob/master/Gruntfile.js#L46-L125
This is a DRY violation and a pain to maintain.
Choose a modern module bundler: webpack, rollup, bunch etc: https://webpack.js.org/get-started/why-webpack/#comparison
When using the "Find / Replace" Operation with the "Extended" and "Simple string" options, the first instance of the text is replaced and no recursion takes place (with and without the "Multiline matching" option checked).
Attachment MESSAGE_7.zip
Attachment MESSAGE_9.zip
When using "Extended" with one Find / Replace recipe finding "\r\n" or two recipes finding "\r" and "\n", replacing with "" (nothing), the first line is modified and no others (with or without "Multiline matching" enabled). However, utilizing these Extended search terms as "Regex" in two recipes, all new lines are removed.
When using "Simple string" to find "Attachment " or "Attachment " and replace it with "" (nothing), the same behavior noted above for "Extended" occurs. Only the first line is modified, unless the option is toggled to "Regex", then all lines are parsed.
My initial workaround was to create one recipe parsing to replace about ten lines with Regex, move the data to Notepad++ to replace the Extended and Simple string, then back to CyberChef to use a second recipe to bake out the final changes needed. After testing, I am able to use the Regex option as a workaround to find/replace the needed Extended and Simple string in one recipe.
Request summary
Development of operations to calculate MD2 and MD4 hashes. CyberChef already supports MD5 hashing thanks to CryptoJS (example and code).
Example input and output
MD2
Input: Test
Output: 1178f3ddf625018179a93c1a0298dfa9
MD4
Input: Test
Output: 5d9381b52cd41a87bc8fcc7726aec03a
Resources
https://en.wikipedia.org/wiki/MD2_(cryptography)
https://en.wikipedia.org/wiki/MD4
Using the following babel config you can encode your supported browsers:
{
  "presets": [
    ["env", {
      "targets": {
        "chrome": 55,
        "firefox": 50,
      },
      "modules": false,
    }]
  ]
}
This way you'll be able to use all features of es2016 and those features not supported in chrome or firefox will be automatically translated by babel.
modules: false is set because module bundlers need the "import/export" keywords to create an optimized bundle.
It works fine in Chrome on iMac but not in Chrome on iPad, I guess the drag target event might not be handled. Mostly other things seem to be fine on an iPad. The app is a boon due to the paucity of text tools on the device.
Add the possibility to create files for translation. Useful for operation names, arguments and descriptions
It would be nice to have the ability to add a note or comment to an operation. I can see this being useful if you publish a recipe and you want to provide some clarity on why you're doing a specific operation. An example would be why you're using the "Drop Bytes" operation.
This could be represented by an icon on the operation and then displayed with a mouse over event.
Thanks,
Superhac
Hi :)
I'm a French developer and because we develop in English, we often need to translate French words to English to create variables or anything.
It would be great to have a translation operation in CyberChef
For example to create a slug URL from a French sentence:
Input text : "Ma page d'accueil"
Translate operation (FR -> EN) : "My homepage"
To lowercase : "my homepage"
Regex to replace whitespaces : "my-homepage"
Tadaaa
Hi,
It looks like it's not possible to use the output of an action as a parameter (ex: a key) in another action. Am I right? If yes, that could be an interesting feature so one could chain operations (like using a key derivation function to generate the key used to encrypt an input).
Thanks.
It's likely worthwhile to keep the live demo inline with the master branch.
Based off of some quick research, the preferred mechanism seems to leverage travis-ci
Links:
https://gist.github.com/domenic/ec8b0fc8ab45f39403dd
https://github.com/steveklabnik/automatically_update_github_pages_with_travis_example
Request summary
Development of Unicode support for the Strings operation. Currently the Strings operation can only detect strings matching the following regular expression: [A-Z\\d/\\-:.,_$%'\"()<>= !\\[\\]{}@].
It should also be able to detect strings that have been encoded in UTF-16 and (ideally) other Unicode formats. This support should be toggle-able via an argument.
Example input and output
The following recipe should match against the word "Test": https://gchq.github.io/CyberChef/?recipe=%5B%7B%22op%22%3A%22Text%20encoding%22%2C%22args%22%3A%5B%22UTF8%22%2C%22UTF16%22%5D%7D%2C%7B%22op%22%3A%22Strings%22%2C%22args%22%3A%5B%223%22%2Cfalse%5D%7D%5D&input=VGVzdA
Could you please add the input/output scheme parameter that's in the regular XOR operation to the XOR Brute Force operation?
Thanks!
The time taken to run PBKDF2 scales non-linearly with iterations. This is due to the underlying PBKDF2 algorithm in CryptoJS. This prevents the use of nice large iteration counts as is recommended for this algorithm.
Benchmark showing problem
SJCL has a better implementation. Alternatively CryptoJS could be fixed.
JSON Beautify and JSON Minify code tidy operations yield an error message when the input box is empty.
It should add the operation to the recipe box without error, similar to the other operations.
The following error message is displayed:
eg:
css/lib/bootstrap3.min.css
html/index.html
js/config/Categories.js
Your source code directories should be chosen by feature, not filetype. This keeps style, markup and code together when navigating your codebase.
There's no need to add extra redundant file type information to your paths, we already know it's a js file because the path ends with js. You can use **/*.js to select them in scripts.
Request summary
Development of operations to Tar and Untar input data.
Example input and output
Untar
Input: Test.tar.txt
Output: Should list both filenames and the file contents. Similar output to the Unzip operation.
Resources
Request summary
Development of an operation to carry out Bzip2 compression. CyberChef already supports Bzip2 decompression thanks to the bzip2.js library (code).
Resources
https://en.wikipedia.org/wiki/Bzip2
http://www.bzip.org/downloads.html
http://www.bzip.org/1.0.5/bzip2-manual-1.0.5.html
I noticed that the package.json file has no external dependencies at all (except for dev). This seems like a bad idea as it results in the planned obsolescence and excessive bundling highlighted in #2. I'd like to add features that depend on npm packages, but before I do so, I want to know if there is some specific policy about not using external dependencies or whether I should import stuff manually.
I was expecting this tool to be available for offline use when clicking on download button. But it doesn't respond.
HTML-encoded astral Unicode symbols are incorrectly decoded.
E.g. &#x1D306; becomes 톆 instead of 𝌆.
Perhaps you could use https://github.com/mathiasbynens/he for HTML entity encoding/decoding.
Hi all, there's a small XSS bug in your tool that you might wanna fix:
PoC:
https://gchq.github.io/CyberChef/?recipe=[{"op"%3A"XOR"%2C"args"%3A[{"option"%3A"He<iframe onload%3Dalert`1`>x"%2C"string"%3A""}%2Cfalse%2Cfalse]}]
The problem seems to be located in the method HTMLApp.prototype.set_recipe_config:
Affected Source:
[...]
for (var j = 0; j < args.length; j++) {
    if (args[j].getAttribute("type") == "checkbox") {
        // checkbox
        args[j].checked = recipe_config[i].args[j];
    } else if (args[j].classList.contains("toggle-string")) {
        // toggle_string
        args[j].value = recipe_config[i].args[j].string;
        args[j].previousSibling.children[0].innerHTML = recipe_config[i].args[j].option +
            " <span class='caret'></span>";
    } else {
        // all others
        args[j].value = recipe_config[i].args[j];
    }
}
[...]
The recipe JSON from location.search is parsed correctly yet not sanitized before user input hits the recipe list's innerHTML property. It might make sense to sanitize those using DOMPurify or comparable tools.
Note: this attack can even be persisted by using the reflected XSS to modify the content of the localStorage container.
The attacker would simply add another HTML injection into the object favourites and thereby make sure that the injected JavaScript executes next time the user re-opens CyberChef. After one successful injection and execution, the localStorage object has to be modified again to persist the attack.
PoC for persistence:
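A defensive sketch for the innerHTML sink described in the XSS report above, added here as an example; it is not part of the report and not CyberChef's own code. It contrasts the concatenation pattern from the affected source with an escaped label and with validation of the toggle-string option at the parsing boundary. The allow-list contents and all function names are assumptions.

```javascript
// Constructed input: the recipe JSON carried by the PoC URL in the report.
const POC_RECIPE =
  '[{"op":"XOR","args":[{"option":"He<iframe onload=alert`1`>x","string":""},false,false]}]';

// Assumed allow-list of toggle-string options; the real set belongs to each operation.
const TOGGLE_OPTIONS = new Set(["Hex", "Base64", "UTF8"]);

// Escape the characters that can change HTML structure.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Same shape as the affected source: the URL-supplied option is concatenated into markup.
function labelHtmlUnsafe(arg) {
  return arg.option + " <span class='caret'></span>";
}

// Hardened: only the static caret markup is HTML, the option is escaped text.
// In the DOM, assigning the option to a text node's textContent has the same effect.
function labelHtmlSafe(arg) {
  return escapeHtml(arg.option) + " <span class='caret'></span>";
}

// Validate at the parsing boundary so nothing downstream sees an unknown option.
function isValidToggleArg(arg) {
  return typeof arg.string === "string" && TOGGLE_OPTIONS.has(arg.option);
}

// Return every object-valued argument in a recipe that fails validation.
function findRejectedArgs(recipeJson) {
  const rejected = [];
  for (const step of JSON.parse(recipeJson)) {
    for (const arg of step.args) {
      if (arg !== null && typeof arg === "object" && !isValidToggleArg(arg)) {
        rejected.push({ op: step.op, option: arg.option });
      }
    }
  }
  return rejected;
}
```

Values restored from localStorage, such as the favourites object the report mentions, need the same treatment before they reach markup, since stored data is attacker-controlled once a single injection has succeeded.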
Astral Unicode symbols such as 𝌆 are incorrectly encoded as two separate entities (one for each surrogate half).
E.g. 𝌆 becomes &#55348;&#57094; instead of &#119558; or &#x1D306;.
Perhaps you could use https://github.com/mathiasbynens/he for HTML entity encoding/decoding.
Currently all 3rd party code is stored in https://github.com/gchq/CyberChef/tree/master/src/js/lib
It would be much easier to manage updates to these packages if they were declared in your package.json and installed via yarn install
https://yarnpkg.com/
With the setting "Update the URL when the input or recipe changes" turned on (the default), each update of the URL results in Chrome 54.0.2840.99m on Win10 rerequesting the favicon.
As a result, user input including parameters supplied to operations such as cryptographic keys are disclosed to the server via URL parameters in the Referer header. This is inconsistent with the feature statement "it should be noted that none of your input or recipe configuration is ever sent to the CyberChef web server". Worth noting to paranoid users that the web server in this instance belongs to GitHub, not to the GCHQ.
Perhaps these parameters could be moved into client-side hash parameters or this setting turned off by default and a warning provided when turned on?
All the other encrypt/decrypt pairs appear to work except for the AESEncrypt->AESDecrypt. If you AESEncrypt a string with any key, AESDecrypt does not output that same string with the same key. In fact, it doesn't seem to output anything.
To allow for quick parsing of senders from a domain in an email list, can a delete action be added to the Split Operation's "Split delimiter" where any characters trailing the "Join delimiter" are removed? Currently, this is being performed by a bulkier Excel "Text to Columns" delimited on "@".
Thanks for the consideration.
Re Issue #45 that was closed. It still seems broken on my iPad running ios 9 with Chrome. I sleuthed where the breakage seemed to be. It works at this commit:
https://cdn.rawgit.com/gchq/CyberChef/a4c9bb890746cbea09de1b775f64b21577c59362/cyberchef.htm
and fails at the next commit:
https://cdn.rawgit.com/gchq/CyberChef/7bcf560ff15ba59379b7af14b98498b5b5a924d7/cyberchef.htm
The only change at that commit is the switch from jsHint to EsLint so I think it must be something esLint is doing or maybe the order files are being packaged and maybe two functions with the same name but different load orders -- just theories.
JS unescape() decodes hex values prepended with "%". It would be nice to have.
Hello, thanks to all contributors working on this project.
I would like to request the addition of base58 en/decoding, which is used for human-friendly encoding in cases like bitcoin addresses, etc.
Cheers!
It is a feature request. It would be great to have GPG based (d)encryption that processes texts, either by encrypting (with a public key) or decrypting messages (with a private key).
just adding ToHex + FromHexDump after each other should return the input as it forms an identity function. In CyberChef it returns the input without the last character.
Example: 'hello' -> 'hell'
It would be really cool to allow multiple input/output windows, and assign various recipes to them.
As a simple example, I want to be able to:
As a pentester, this would be really useful when wanting to mess around with data then stick it back into a request.
Obviously the current workaround to this is to have 2 CyberChef tabs open (one for decoding, one for encoding), and then copy between them.
Can we have a dark theme please?
yarn add --dev eslint
Hello,
It's probably something I'm doing wrong, but I'm trying to get this to work with Apache and CentOS 7.
/var/www/CyberChef/build/prod/
total 232
drwxr-sr-x 3 root apache 4096 Dec 3 22:44 .
drwxr-sr-x 4 root apache 4096 Dec 3 22:44 ..
-rw-r--r-- 1 root apache 28005 Dec 3 22:44 cyberchef.htm
-rwxr-xr-x 1 root apache 1800 Dec 3 22:44 .htaccess
drwxr-sr-x 2 root apache 4096 Dec 3 22:44 images
-rw-r--r-- 1 root apache 28069 Dec 3 22:44 index.html
-rw-r--r-- 1 root apache 162961 Dec 3 22:44 styles.css
<VirtualHost *:80>
    ServerName cyberchef.outsideit.net
    ServerAlias cyberchef.outsideit.net
    DirectoryIndex index.html
    DocumentRoot /var/www/CyberChef/build/prod/
    LogLevel warn
    ErrorLog /var/log/httpd/error_http.log
    CustomLog /var/log/access_http.log combined
</VirtualHost>
The results look like this in http://cyberchef.outsideit.net/
The Operations column isn't shown and the buttons don't seem to work. Any advice to get this working is very much appreciated.
Willem
Would be cool to be able to have an ingredient which can do XPath queries
Request summary
Development of operations to convert data to and from the BCD format.
Arguments
Example input and output
Input | Output |
---|---|
0 | 0000 |
1 | 0001 |
2 | 0010 |
8 | 1000 |
Resources
https://en.wikipedia.org/wiki/Binary-coded_decimal
Optional extensions
Add the capability to support different types of BCD encoding as specified in the Wikipedia entry or elsewhere.