Discover more from hrbrmstr's Daily Drop
Drop #334 (2023-09-13): Slice-Dice-Mince-Chop: Browser-Based Data Ops
CyberChef; cryptii; Ciphereditor
I was going to ditch today's theme/content (well, reassign it to another day) after learning about Mosaic yesterday, but we'll save Mosaic for Friday (it's “bigger than a breadbox”).
Today, we look at three (well, “2”, really…you'll see) tools that operate solely in a local browser context (after loading), and that enable you to do all sorts of unnatural things to anything you can paste into a textbox.
Let's dig in.
This is an AI-generated summary of today's Drop.
This time, being frustrated with the poor URL generation, I tried a slightly modified prompt to Perplexity. It worked, but I'll leave it on for a few days/weeks to verify. Here's said prompt:
The attached file contains a blog post in Markdown format with three main sections of content. I would like a very concise three bullet summary of it. Each bullet should succinctly describe a section and include the link to the primary resource being covered. Please try to recreate the URLs as exactly as possible. Tune down your temperature if necessary.
CyberChef: A versatile web app for performing various “cyber” operations within a web browser, developed by GCHQ. Try it out at CyberChef.
cryptii: A simpler predecessor to Ciphereditor, offering modular conversion, encoding, and encryption online. Check it out at cryptii.
Ciphereditor: An educational and productive web application for engaging with cryptography, ciphers, and data. Experience it at Ciphereditor.
As I was having a chat with a work colleague I realized (yes, my brain is odd) that I mentioned CyberChef back in April, but just assumed (a violation of my 2023 resolution) folks knew about it. We rectify that today.
CyberChef is a versatile web app designed to perform a wide array of “cyber” operations within a web browser. Developed by GCHQ, the UK's Government Communications Headquarters, it offers simple encoding methods like XOR and Base64, alongside more complex encryption techniques such as AES, DES, and Blowfish. CyberChef also provides tools for creating binary and hexdumps, compressing and decompressing data, calculating hashes and checksums, parsing IPv6 and X.509, changing character encodings, and much more.
Like I repeat, further down, in another section, the best way to grok how to use it is, well, to use it. Substack despises long URLs, so please tap “CyberChef” after hitting that link.
The above is featured in the section header. Head over to CyberChef and try to decode it by dragging one of the rectangles in the "Favourites” pane to the “Recipe” pane.
While it runs 100% in the browser, you can avoid an external URL hit by:
ensuring you have Node.js version 18 and npm version 8 (nvm is usually a good way of managing your Node versions).
clone the CyberChef repository:
git clone https://github.com/gchq/CyberChef.git
install the dependencies:
After installing the dependencies, you can use
npm start to play around with it in dev-mode, or build it and stick it behind a Caddy or nginx reverse proxy.
Alphasec has a nice write-up with a one-click “deploy on railway” button.
We aren't going to spend much time on cryptii, since it is the predecessor to the tool in the last section. I'm mostly including it since it is a bit simpler to use.
Cryptii is a web application that offers modular conversion, encoding, and encryption online. It enables us to interact with various ciphers, formats, algorithms, and methods (referred to as “bricks”) while keeping them easily combinable. The translations are done in the browser without any server interaction, ensuring privacy and security. The section header shows one conversion example.
The tool is an excellent resource for learning about cryptography and encryption. Its interactive and visual interface allows enables risk-free experimentation with different ciphers and encoding methods, making it an engaging and informative tool for both beginners and experienced users.
In addition to its educational value, Cryptii can be used for practical purposes, such as participating in Capture the Flag (CTF) competitions. That’s a contest where hackers and security enthusiasts compete to solve various tasks and challenges involving cryptography, steganography, reverse engineering, and web exploitation.
A big limitation of it is the singular, unidirectional operational flow. This is where cryptii's sibling shines, so let's just dig into that right now…
Ciphereditor is an educational and productive web application created to help folks engage with cryptography, ciphers, and just “data” in an accessible way. As the successor to cryptii (above), initiated in 2009, it offers a fresh interaction model based on reactive values in a directed graph.
Honestly, you can glean all you need to by just exploring the tool, but let's walk through the example in the section editor, which you can also find here/live. Same deal. Substack hates giant links, so please tap “Ciphereditor” after visiting that link.
The start node is just some text (👋!), and in that node the characters in the text are converted to hex. Four other nodes take the original text as input and:
Base64 encodes it
Converts it to uppercase
Counts the number of characters
The base64 encoded output is then sent to a block that computes the entropy, and the character count is multiplied.
This is the list of presently supported operations:
The site's documentation and UX are top-notch, so I'll leave y'all in their capable hands to explore it further.
Imagine all the bytes we could save if we stopped using the nigh-useless “d” in Wednesday. ☮