![\"\"](\"https:\/\/gtechbooster.com\/media\/2023\/01\/26001.jpeg\")
<\/a><\/div><\/div>That offering is CyberChef, a general purpose tool, therefore more useful than the specialized and niche Ghidra.It’s a tool that provides functionality that every developer needs for their day-to-day workload. That range of functionality is staggeringly large, ranging from the popular toBase64\/fromBase64 and URL encode\/decode, to encryption with AES\/DES\/Blowfish and JWT, to Arithmetic and Logic with calc and bitwise operations, up to Language and Charset conversions.<\/p>\n\n\n\n
As such, CyberChef is a tool that can be used in popular scenarios like:<\/p>\n\n\n\n
- \n
- Decode a Base64-encoded string<\/li>\n\n\n\n
- Convert a date and time to a different time zone<\/li>\n\n\n\n
- Parse a IPv6 address<\/li>\n\n\n\n
- Convert data from a hexdump, then decompress<\/li>\n\n\n\n
- Decrypt and disassemble shellcode<\/li>\n\n\n\n
- Display multiple timestamps as full dates<\/li>\n\n\n\n
- Carry out different operations on data of different types<\/li>\n\n\n\n
- Use parts of the input as arguments to operations<\/li>\n\n\n\n
- Perform AES decryption, extracting the IV from the beginning of the cipher stream<\/li>\n\n\n\n
- Automatically detect several layers of nested encoding<\/li>\n<\/ul>\n\n\n\n
It would be particularly handy when taking part in Hacking CTF competitions.<\/p>\n\n\n\n
And that’s just the tip of the iceberg.The complete list of categories is: <\/p>\n\n\n\n
- \n
- Data format<\/li>\n\n\n\n
- Encryption \/ Encoding<\/li>\n\n\n\n
- Public Key<\/li>\n\n\n\n
- Arithmetic \/ Logic<\/li>\n\n\n\n
- Networking<\/li>\n\n\n\n
- Language<\/li>\n\n\n\n
- Utils<\/li>\n\n\n\n
- Date \/ Time<\/li>\n\n\n\n
- Compression<\/li>\n\n\n\n
- Hashing<\/li>\n\n\n\n
- Code tidy<\/li>\n\n\n\n
- Forensics<\/li>\n\n\n\n
- Multimedia<\/li>\n\n\n\n
- Flow control<\/li>\n\n\n\n
- Other<\/li>\n<\/ul>\n\n\n\n
while from those categories an incomplete list of operations is:<\/p>
<\/a><\/div><\/div>\n\n\n\n- \n
- HexdumpFrom<\/li>\n\n\n\n
- HexdumpTo<\/li>\n\n\n\n
- HexFrom<\/li>\n\n\n\n
- HexTo<\/li>\n\n\n\n
- CharcodeFrom<\/li>\n\n\n\n
- CharcodeTo<\/li>\n\n\n\n
- DecimalFrom<\/li>\n\n\n\n
- DecimalTo<\/li>\n\n\n\n
- BinaryFrom<\/li>\n\n\n\n
- BinaryTo
<\/li>\n\n\n\n - EncryptAES<\/li>\n\n\n\n
- DecryptBlowfish<\/li>\n\n\n\n
- EncryptBlowfish<\/li>\n\n\n\n
- DecryptDES<\/li>\n\n\n\n
- EncryptDES<\/li>\n\n\n\n
- DecryptTriple<\/li>\n\n\n\n
- EncryptTriple<\/li>\n\n\n\n
- DecryptRC2<\/li>\n\n\n\n
- EncryptRC2<\/li>\n\n\n\n
- DecryptRC4RC4
<\/li>\n\n\n\n - BeautifyJavaScript<\/li>\n\n\n\n
- ParserJavaScript<\/li>\n\n\n\n
- BeautifyJavaScript<\/li>\n\n\n\n
- MinifyJSON<\/li>\n\n\n\n
- BeautifyJSON<\/li>\n\n\n\n
- MinifyXML<\/li>\n\n\n\n
- BeautifyXML<\/li>\n\n\n\n
- MinifySQL<\/li>\n\n\n\n
- BeautifySQL<\/li>\n\n\n\n
- MinifyCSS
<\/li>\n\n\n\n - StringsExtract<\/li>\n\n\n\n
- IPaddressesExtract<\/li>\n\n\n\n
- emailaddressesExtract<\/li>\n\n\n\n
- MACaddressesExtract<\/li>\n\n\n\n
- URLsExtract<\/li>\n\n\n\n
- domainsExtract<\/li>\n\n\n\n
- filepathsExtract<\/li>\n\n\n\n
- expressionXPath<\/li>\n\n\n\n
- expressionJPath<\/li>\n\n\n\n
- EXIFExtract<\/li>\n<\/ul>\n\n\n\n
On top of that you can run operations on files too (you can load \nfiles up to 2GB) like compressing and decompressing them, calculating \ntheir hashes and checksums.<\/p>\n\n\n\n
Until this point you could just consider CyberChef as a beefed up but yet another data format converter.However, CyberChef takes it one step further in allowing you to combine operations into pipes where the output of the previous operation acts as input to the next one. In the following example I first Base64 encode a string and then AES encrypt it.<\/p>\n\n\n\n
I can save this two-step operation as a Recipe which can be recalled \nat any time. As such, instead of keeping collections of snippets which \nyou manually apply step by step onto your input, you can now automate \nthe process similar to using macros.<\/p>\n\n\n\n
CyberChef runs exclusively on the client’s browser without any server initiated interaction.Therefore even if you use the live playground version <\/a>hosted on GCHQ’s Github repo, the secret agents won’t have access to any of the data you submit (for a change!).<\/p>\n\n\n\n
As a matter of fact CyberChef can be downloaded as a single bundle and be carried around on a USB stick or any other media, handy when there’s no network connection and that Hex to Octal conversion just cannot wait. Saying that, there’s also a CyberChef server version for those preferring to self-host and provide an API for clients to send CyberChef recipes to be baked. All that available under the Apache 2.0 License and also covered by Crown Copyright.<\/p>\n\n\n\n
More Information \u2139<\/h6>\n\n\n\n