A few useful CyberChef recipes.
This is the recipe to decode a JWT token. The steps are:
- URL decoding
- Base64 decoding (for each section)
- Remove the signature blob
- JSON formating (easier to read)
jwt.io is probably a better alternative but the above recipe can be a starting point if you're going to do further operations on the decoded JWT.
This is the recipe to decode a SAML assertion. The steps are:
- URL decoding
- Base64 decoding
- Decompression
- XML formating (easier to read)
This one is not really a recipe but more of a fun operation that I contributed to the CyberChef project. ROT8000 is a Caesar cipher shifting characters by 8000 in the Unicode charset, the same way ROT13 shifts latin characters by 13 in the latin alphabet. Also similarly to ROT13, ROT8000 is an involution meaning that if you apply it twice, you end up with the original plaintext message (in other words the ciphering and deciphering functions are the same). A more detailed description of the ROT8000 function can be found on its inventor's page. This is not encryption nor secure in any way, shape or form! Use it just for fun.
Coincidently, with ROT8000 latin characters typically end up in the Chinese symbol section of the Unicode charset. So latin text ciphered with ROT8000 looks like Chinese text to a casual observer (unless you can read Chinese and then it's pretty obvious that the text is gibberish). In this recipe you can see an example and if you enable the second ROT8000 function in the recipe you can see how the text gets deciphered back to its original plaintext: