CyberChef; CyberChef Server; CyberChef MCP
Over 700 Drops in (counting Bonus Drops) and Iâm mystified I have not covered or even mentioned CyberChef before. Weâre fixing that today!
TL;DR
(This is an LLM/GPT-generated summary of todayâs Drop using Ollama + Qwen 3 and a custom prompt.)
- CyberChef is a browser-based tool for data manipulation and cryptographic operations, offering an intuitive interface for transforming data through drag-and-drop recipes (https://github.com/gchq/CyberChef)
- CyberChef-server provides a RESTful API for programmatic data transformation, enabling automation and integration with various programming languages and batch processing (https://github.com/gchq/CyberChef-server)
- The CyberChef MCP server allows AI agents to use CyberChefâs capabilities autonomously, enabling LLMs to interact with the tool through a Model Context Protocol for data analysis and transformation (https://github.com/slouchd/cyberchef-api-mcp-server)
CyberChef: The Swiss Army Knife of Data Manipulation Lives in Your Browser
If youâve ever found yourself staring at a Base64 blob wondering what secrets it holds, or needed to quickly XOR some data without firing up a development environment, then GCHQâs CyberChef is about to become your new best friend. This delightfully simple web app transforms your browser into a full-featured cryptographic (and more) workshop where you can drag, drop, and chain together operations like youâre building a LEGO set for data nerds. The interface is brilliantly intuitive: paste your mysterious/scary data into the input box, drag operations from the left sidebar into the middle ârecipeâ area, and watch the magic happen in real-time as CyberChef automatically âbakesâ your transformations. Whether youâre decoding timestamps, parsing IPv6 addresses, or reverse-engineering shellcode, the tool handles it all without breaking a sweat.
What makes CyberChef âtickâ is the recipe system, which lets us chain operations together. Need to extract an AES key from a hex dump, then use it to decrypt some data, then decompress the result? Just drag âFrom Hexdump,â âAES Decrypt,â and âGunzipâ into your recipe and let CyberChef do the heavy lifting. The tool even includes an âAuto Bakeâ feature that updates your output as you modify inputs or tweak parameters, plus breakpoints for stepping through complex transformations one operation at a time. The URL-based recipe sharing is particularly clever, letting you bookmark and share entire transformation workflows with colleagues. For example, this link takes you to what you see in the header image. Everything runs client-side in your browser, so potentially sensitive data never leaves your machin.
The tool excels at accessibility and discoverability. The search function helps us find operations when we know roughly what we want to do but canât remember the exact name, while the âMagicâ feature attempts to automatically detect encodings and suggest appropriate decoding operations. The highlighting system creates visual connections between input and output data, making it easier to understand what each transformation actually does to your bytes. With support for files up to 2GB and the ability to run completely offline after downloading, CyberChef bridges the gap between quick-and-dirty command-line tools and heavyweight analysis suites. Itâs the kind of tool that makes you wonder how you ever managed data transformation tasks without it, and once youâve built a few recipes, youâll find yourself reaching for it constantly throughout your day-to-day technical work.
Now, I cannot imagine what this blob saysâŚ
2e 2e 2e 20 2e 20 2d 2e 20 2d 2e 2e 0a 2e 2d 0a 2d 2e 20 2d 2d 2d 20 2d 20 2e 0a 2d 20 2d 2d 2d 0a 2e 2d 2d 2e 2d 2e 20 2e 2e 2e 2e 20 2e 2d 2e 20 2d 2e 2e 2e 20 2e 2d 2e 20 2d 2d 20 2e 2e 2e 20 2d 20 2e 2d 2e 20 2e 2d 2d 2e 2d 2e 20 2d 2d 20 2e 2d 20 2e 2e 2e 20 2d 20 2d 2d 2d 20 2d 2e 2e 20 2d 2d 2d 20 2d 2e 20 2e 2d 2e 2d 2e 2d 20 2e 2e 2e 20 2d 2d 2d 20 2d 2e 2d 2e 20 2e 2e 20 2e 2d 20 2e 2d 2e 2e 0a 2d 2d 2d 20 2e 2d 2e 0a 2d 2d 2d 20 2d 2e 0a 2d 2e 2e 2e 20 2e 2e 2e 20 2d 2e 2d 20 2d 2e 2d 2d 0a 2e 2d 20 2d 0a 2e 2d 2d 2e 2d 2e 20 2e 2e 2e 2e 20 2e 2d 2e 20 2d 2e 2e 2e 20 2e 2d 2e 20 2d 2d 20 2e 2e 2e 20 2d 20 2e 2d 2e 20 2e 2d 2e 2d 2e 2d 20 2d 2e 2e 20 2e 20 2e 2e 2e 2d 0a 2e 2e 20 2e 2e 2d 2e 0a 2d 2e 2d 2d 20 2d 2d 2d 20 2e 2e 2d 0a 2d 2d 20 2e 2d 20 2d 2e 20 2e 2d 20 2d 2d 2e 20 2e 20 2d 2e 2e 0a 2d 20 2d 2d 2d 0a 2d 2e 2e 20 2e 20 2d 2e 2d 2e 20 2d 2d 2d 20 2d 2e 2e 20 2e 0a 2d 20 2e 2e 2e 2e 20 2e 2e 20 2e 2e 2e 0a 2e 2e 2d 20 2e 2e 2e 20 2e 2e 20 2d 2e 20 2d 2d 2e 0a 2d 2e 2d 2e 20 2d 2e 2d 2d 20 2d 2e 2e 2e 20 2e 20 2e 2d 2e 20 2d 2e 2d 2e 20 2e 2e 2e 2e 20 2e 20 2e 2e 2d 2e 20 2d 2e 2d 2e 2d 2d
CyberChef Server: When Your Browser-Based Data Kitchen Needs to Scale
Dragon droppings (i.e., âdrag and dropâ) tools are fine, and all, but the GCHQ folks werenât content to keep all that data wrangling crunchy goodness locked inside browsers forever. Enter CyberChef-server, which takes those same spiffy ops and wraps them in a RESTful API that any programming language can talk to. Instead of manually dragging operations around in a web interface, you can now POST JSON payloads to /bake endpoints and get your transformed data back programmatically. So, you can prototype your data transformations in the visual CyberChef interface, export the recipe as JSON, and then drop that exact same recipe into your server-side code. Itâs like having a Babel Fish for data manipulation that speaks every programming language fluently.
This server opens up avenues for many automation and batch processing scenarios. Need to decode thousands of Base64 strings from a log file? The /batch/bake endpoint will churn through arrays of inputs without breaking a sweat. Working with a team of dashing and intelligent analysts who speak spiffy RStats while youâre stuck in Python-land? No problem! Everyone can hit the same HTTP endpoints and get consistent results. The server even includes that fantastic âMagicâ operation from the original tool, which attempts to automatically detect and decode mystery data formats. You can curl your way to wrangling enlightenment with endpoints that return detailed analysis of potential encodings, complete with confidence scores and language detection. The whole thing also runs in Docker if you want to keep your data transformation pipeline containerized and portable.
CyberChef MCP: Teaching LLM/GPT Agents to Cook with Data
So weâve journeyed from CyberChefâs browser-based recipe building to its RESTful server incarnation, and now someone has done the logical next thing: wrapped the whole shebang in a Model Context Protocol (MCP) server so your favorite LLM can start slinging cryptographic operations for you as your digital analyitcs agent. The cyberchef-api-mcp-server by @slouchd bridges that final gap between âhey, this tool is usefulâ and âhey, my AI assistant can actually use this tool autonomously.â Instead of copy-pasting hex dumps into ChatGPT and praying for the best, you can now give your AI agent â which can be 100% local Ollama! â direct access to CyberChefâs entire operation catalog, complete with the ability to chain transformations, process batches, and even invoke that magical auto-detection.
The implementation here is straightforward, and exposes five key functions that map to CyberChefâs core capabilities: browsing operation categories, listing specific operations, baking single recipes, batch processing multiple inputs, and performing magic detection operations. Using CyberChef via MCP will also preserve the exploratory workflow that makes CyberChef so powerful in the first place (vs. you having to remember to save the REPL or script you were using in just server mode; or remember to export the tool call workflow from the browser). Your LLM/GPT agent can start by browsing categories to understand what operations are available, then construct recipes step by step rather than needing to know the exact operation names upfront. The magic operation becomes especially potent when handed to a well-trained LLM that can reason about the results and potentially chain additional transformations based on what gets detected. Suddenly your LLM isnât just good at explaining code; itâs actively helping you reverse engineer data formats and decode mystery payloads.
The MCP protocol means this isnât locked to any specific âAIâ platform eitherâwhether youâre using Claude or some future model folks havenât dreamed up yet, the same CyberChef capabilities become available as native tools.
I highly suggest playing with CyberChef in at least one of these contexts (browser, REST, MCP) if you havenât used it before.
FIN
Remember, you can follow and interact with the full text of The Daily Dropâs free posts on:
- đ Mastodon viaÂ
@dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev - đŚ Bluesky viaÂ
https://bsky.app/profile/dailydrop.hrbrmstr.dev.web.brid.gy
âŽď¸
hrbrmstr's Daily Drop 
Leave a comment