Table of Contents
CyberChef is a simple modern web application that can be used for analysis, encoding/decoding data without interacting with complex algorithms. Programming languages or tools. It is easy to use and can be understood by both technical & non-technical people.
According to CyberChef, there are around 200 useful operations in CyberChef for anyone working on anything vaguely Internet-related, whether you just want to convert a timestamp to a different format, decompress gzipped data, create a SHA3 hash, or parse an X.509 certificate to find out who issued it.
It is expected that CyberChef will be useful for cybersecurity and antivirus companies. It should also appeal to the academic world and any individuals or companies involved in the analysis of digital data, be that software developers, analysts, mathematicians, or casual puzzle solvers.
Keyboard Shortcuts (Key bindings)
Command |
Shortcut(Win/Linux) |
Shortcut
(Mac) |
Place Cursor in the search field |
Ctrl+Alt+f |
Ctrl+Opt+f |
Place Cursor in the input box |
Ctrl+Alt+i |
Ctrl+Opt+i |
Place Cursor in the output box |
Ctrl+Alt+i |
Ctrl+Opt+i |
Place Cursor in first argument field of the next
operation in the recipe |
Ctrl+Alt+o |
Ctrl+Opt+o |
Place Cursor in first argument field of the nth operation in the recipe |
Ctrl+Alt+[1-9] |
Ctrl+Opt+[1-9] |
Disable current operation |
Ctrl+Alt+d |
Ctrl+Opt+d |
Set/clear breakpoint |
Ctrl+Alt+b |
Ctrl+Opt+b |
Bake |
Ctrl+Alt+Space |
Ctrl+Opt+Space |
Step |
Ctrl+Alt+’ |
Ctrl+Opt+’ |
Clear recipe |
Ctrl+Alt+c |
Ctrl+Opt+c |
Save to file |
Ctrl+Alt+s |
Ctrl+Opt+s |
Load recipe |
Ctrl+Alt+l |
Ctrl+Opt+l |
Move output to input |
Ctrl+Alt+m |
Ctrl+Opt+m |
Tools Provided by CyberChef
- Data Formats, such as Hex, Base64, Binary, Octal, Decimal, etc.
- Encryption/Encoding, such as AES, DES, Blowfish, RC2, RC4, Enigma, Bombe, etc.
- Public Key, such as PEM to Hex, Hex to PEM, PGP Encrypt & Decrypt, etc.
- Arithmetic Logic, Networking, Forensics, and a variety of tools to explore.
- We will look at some of the tools of CyberChef and the rest of the tools can be self-explored after little practice and understanding.
To use CyberChef Visit:
CyberChef
CyberChef is a versatile web application for all kinds of cyber operations, from encoding and decoding to data analysis and transformation. Explore its features to streamline your cybersecurity workflows.
Base 64 Encoding/ Decoding
Base64 is a notation for encoding arbitrary byte data using a restricted set of symbols that can be conveniently used by humans and processed by computers.
Base 64 Encoding
- Open CyberChef & Drag To Base 64 under Favorites or Data Format Menu and Drop it under the Recipe Section.
- Under the Recipe Section, you can choose a different Base64 Algorithm, by default standard, is set.
- By default, Auto Bake is enabled which dynamically reflects changes in output for provided input if the Recipe is changed.
- You can untick Auto Bake & do it manually as well.
- Under Input, the Section provides a string to encode.
- You will get a Base64 encoded string under the Output section.
Refer to the below image to understand the whole process.
Base64 Decoding
- Open CyberChef & Drag From Base 64 under Favorites or Data Format Menu and Drop it under the Recipe Section.
- Under the Recipe Section, you can choose a different Base64 Algorithm by default standard is set.
- By default, Auto Bake is enabled which dynamically reflects changes in for provided input if the Recipe is changed. You can untick Auto Bake & do it manually as well.
- Under the Input Section, provide Base64 string to decode.
- You will get a Plain-Text string under the Output section.
Refer to the below image to understand the whole process.
AES Encryption/Decryption
Key: The following algorithms
will be used based on the size of the key:
16 bytes = AES-128
24 bytes = AES-192
32 bytes = AES-256
You can generate a password-based key using one of the KDF operations.
- IV: The Initialization Vector should be 16 bytes long. If not entered, it will default to 16 null bytes.
- Padding: In CBC and ECB mode, PKCS#7 padding will be used.
- GCM Tag: This field is ignored unless 'GCM' mode is used & it is used while decryption.
AES Encryption
- Open CyberChef & Drag AES Encrypt present under the Encoding Encryption Menu and Drop it under the Recipe Section.
- Under the Recipe Section, provide Key & IV. (According to standard sue & IV is optional)
- By default, Auto Bake is enabled which dynamically reflects changes in output for provided input if the Recipe is changed.
- You can untick Auto Bake & do it manually as well.
- Under the Input Section, provide a plain-text string to encode.
- You will get an AES Encrypted string under the Output section.
Follow similar steps for AES Decryption . Instead of AES Encrypt, select AES Decrypt & Provide AES String as Input Key IV Input.
Hex to PEM
Converts a hexadecimal DER (Distinguished Encoding Rules) string into PEM (Privacy Enhanced Mail) format.
- Open CyberChef & Drag Hex to PEM present under the Public Key Menu and Drop it under the Recipe Section.
- Under the Recipe Section, provide the Header String.
- By default, Auto Bake is enabled which dynamically reflects changes in output for provided input if the Recipe is changed.
- You can untick Auto Bake & do it manually as well.
- Under the Input Section, provide a HEX to convert into PEM.
- You will get a PEM string under the Output section.
Refer to the below image to understand the whole process (the example shows the use of plain text.)
Generate QR Code
- Generates a Quick Response (OR) code from the input text.
- A QR code is a type of matrix barcode (or two-dimensional barcode) first designed in 1994 for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached.
- Open CyberChef & Drag Generate QR Code present under the Other Menu and Drop it under the Recipe Section.
- Under the Recipe Section, provide arguments that are Image Format, Module Size Margin & Error Correction.
- By default, Auto Bake is enabled which dynamically reflects changes in Output for provided input if The recipe is changed You can untick Auto Bake & do it manually as well.
- Under Input, the Section provides a Plain-Text String to get a QR Code.
You will get a QR Code under the Output section.
There are tons of other tools present in CyberChef that are worth spending time with and exploring. It is highly recommended to practice each of them. They are sometimes useful while playing Capture the Flags, doing investigations, or performing a penetration test. With practice, you will get an in-depth understanding of each & every tool.