Loading Ruby Marshal Decoder...
Decode Ruby Marshal data (format 4.8) into readable JSON. Common in Rails cookies and cache. Paste hex or base64. Runs entirely in your browser.
Ruby's Marshal.dump produces a binary format, starting with the version bytes 0x04 0x08, used to persist objects in Rails sessions, caches like Memcached and Redis, and job queues. It is also a deserialization attack surface when untrusted Marshal data reaches Marshal.load. This tool decodes Marshal data into readable JSON so you can inspect what it contains.
Input:
04085b0869066907690 8 (hex) or BAhbCGkGaQdpCA== (base64)
Output:
[1, 2, 3]
Where do I find Marshal data?
In Rails cookie sessions (when the Marshal serializer is used), Memcached/Redis cache entries, and ActiveJob payloads. It always starts with the bytes 0x04 0x08.
Why pair it with the Rails decryptor?
A Rails encrypted cookie often contains Marshal data once decrypted. Decrypt the cookie first, then decode the Marshal payload here.
Does it run the objects?
No. It only parses the byte stream, so it is safe to inspect untrusted Marshal data that you would never pass to Marshal.load.
Is anything uploaded?
No. Decoding runs entirely in your browser.
Decode Ruby Marshal data (format 4.8, starting with 0x0408) into readable JSON. Common in Rails cookies and cache. Paste hex or base64. Runs in your browser.
Decodes nil, booleans, integers, bignums, floats, strings, symbols (shown as :name), arrays, hashes and objects (shown with __class). Symbol and object references are resolved. Pairs with the Rails cookie decryptor for analysing session payloads.