Skip to main content

Cyber Chef - Bake your data!


The cyber chef is a security tool which uses for encoding, decoding, encrypting and data analytics. It is available on GitHub ( https://gchq.github.io/CyberChef/)  and provides services from simple encoding process to complex encryption process. It was implemented for the British government as a  part of MI5 and MI6 project. However, now it can be used by both technical and non-technical personnel without the knowledge of algorithms. The cyber chef is a freely available web application that can be used online. The offline version is also available to download.


The cyber chef has some features to complete conversion tasks.
  1. Input – Where to paste or write text that wanted to convert. Up to 500mb file can be dragged to the input field.
  1. Output – Where converted text is displayed.
  1. Recipe – where tools used for converting are dragged and dropped.
  1. Operations – Contain all the operations. These operations covert input text into selected form and display in output filed.
  • Decode a base-64 encoded data
  • Encrypt data using different algorithms.
  • Extract particular data (domain name, IP addresses) from the given output.
  • Covert date and time to different time zone.
  • Convert the hexdump data and decompress it.
  • Encrypt and decrypt data.
  • Carry out different operations on data of different types
  • Perform AES decryption, extracting the IV from the beginning of the cipher stream
  • Automatically detect several layers of nested encoding

Since cyber chef has automatic bake option, the output is displayed after you drop the operation into the recipe area. Auto bake option can be disabled when a large size file is used for conversion. Moreover, the input text type can be identified by the tool. Hence magic operation attempts to identify various properties of the input data and suggests which operations could help to make more sense of it. There is a search and replace option to remove characters. Output results can be saved as a file, or copy to clipboard or send as an input to the input field in cyber chef. Each and every field in cyber chef has delete option too.

Cyber chef compatible for Google Chrome, Mozilla Firefox, and Microsoft edge. It works for an entire client side and never send recipe configuration or input to the cyber chef web server. Even though Cyber chef provides us many built-in functions it is still in the developing process. There is testing and bug fixing process needs to be done and additional documentation and new features to be added. 

Comments

Post a Comment

Popular posts from this blog

Change Language in Google Account

When we create an email address, sometimes we do not consider the language preferences. Afterward, when we log in to a google account, context will be shown as unfamiliar. So we can change the language preferences of google account by following steps.  1.  Click on the Google profile and select google account 2.  Select data & personalization settings. 3. Scroll down and go to general preferences for the web. And click language. 4. If you need to change the default language, click on the pen sign. 5. If you want to add more languages, click on add other languages.
Post a Comment
Read more

Synchronizer Token Pattern

Synchronizer token pattern is one of the prevention methods for Cross-Site Request Forgery ( CSRF ). It uses a value called CSRF token which is unique for a session identifier. When the user login to a website, the server generates a random value called token for a particular session. The token is saved on the server as well as the browser (after obtained from the server). PHP identifies the session using the session variable ‘PHPSESSID’ which is also stored in the browser as the cookie to identify a particular session. The server validates the user when each request is made, via comparing the token value in the server and token value in the browser. Through this write up how synchronizer token pattern is implemented and how does it works will be described.  (Click on the images to view clearly) Source code of the implemented program can be downloaded from here .  I have implemented a login page called index.html to enroll a user to the server. T...
Post a Comment
Read more

CSRF - Cross Site Request Fogery

Cross-site request forgery (CSRF) is an attack where the legitimate user trapped by an unauthorized user to perform an unintended task to a website where they are authenticated. Since HTTP is a stateless protocol, cookies are used to validate the request agent. Once the user login to a website, it will not require to type the username and password for each attempt. Hence, for the server to identify the user, the server generates a session identifier and sends it as a set-cookie header to the client browser with the very first response. The cookie set by the server will be saved in the client browser and, the cookie will be sent along with every request made to the server (Where the domain and path are matched). However, the server does not check any other attribute but session identifier. Although the request is made from another client, the website only verifies whether the requesting user is already authenticated or not, using a cookie. For example, if a person logged in...
Post a Comment
Read more