Deploying CyberChef

Introduction

CyberChef is a powerful web-based application for carrying out all manner of “cyber” operations within a browser. Often called “The Cyber Swiss Army Knife”, CyberChef provides over 300 operations covering everything from simple encoding and decoding to complex encryption, compression, data analysis, and network protocol operations. Whether you’re a security analyst investigating suspicious files, a developer debugging encoded data, or a penetration tester analyzing captured traffic, CyberChef provides the tools you need in one convenient interface.

What makes CyberChef exceptional is its visual recipe-based approach. You drag and drop operations into a recipe, chain them together, and watch data transform in real-time. Need to Base64 decode something, then decompress it, extract strings, and convert to hex? That’s four operations chained together in seconds. The interface is intuitive enough for beginners but powerful enough for seasoned security professionals working with complex data transformations.

Whether you’re analyzing malware samples, debugging encoded web tokens, reverse engineering protocols, or simply need a reliable toolset for data manipulation, CyberChef handles it all client-side in your browser. Deploying CyberChef on Klutch.sh gives you a private instance for sensitive work, reliable infrastructure for your security operations, and the peace of mind that your data never leaves your control—perfect for compliance-sensitive environments and security professionals who need guaranteed data privacy.

This comprehensive guide walks you through deploying CyberChef on Klutch.sh, optimizing the static site for production, implementing security best practices, customizing the interface for your team, and exploring the vast array of operations available for your cybersecurity and development workflows.

Why Deploy CyberChef on Klutch.sh?

Automated Docker Detection: Klutch.sh automatically detects your Dockerfile in the repository root and builds your container without manual configuration
Data Privacy: Run your own private instance where sensitive data never leaves your infrastructure
No External Dependencies: CyberChef runs entirely client-side—data processing happens in the browser
Fast Static Serving: Optimized static file serving ensures instant operation responses
Compliance-Ready: Perfect for organizations with strict data handling requirements
Team Access: Provide secure access to your security operations team
Always Available: Reliable infrastructure ensures CyberChef is there when you need it

Prerequisites

Before you begin deploying CyberChef on Klutch.sh, ensure you have:

A Klutch.sh account with dashboard access
A GitHub account for repository hosting
Docker installed locally for testing (optional but recommended)
Basic understanding of web applications and static sites
Familiarity with data encoding, encryption concepts
Knowledge of Docker containers and deployment concepts
Understanding of cybersecurity workflows (beneficial but not required)

Understanding CyberChef Architecture

Technology Stack

CyberChef is built as a pure client-side web application with minimal server requirements:

Core Platform:

Pure JavaScript for all operations (no server-side processing)
Web Workers for performance-intensive operations
Service Workers for offline capability
HTML5 and modern browser APIs
Webpack for build and bundling
Node.js for build process only (not runtime)

Key Components:

Operations Library: Over 300 operations for data transformation
Recipe Engine: Chain operations together with visual drag-and-drop
Input/Output System: Supports text, files, and binary data
Baking System: Real-time or manual execution of recipes
Module System: Organized operations by category (Encryption, Encoding, Compression, etc.)
UI Framework: Intuitive drag-and-drop interface
File Operations: Handle large files efficiently in browser
Magic Mode: Automatic detection of data encoding
Recipe Storage: Save and share recipes via URLs
Favourites System: Quick access to frequently used operations

Operation Categories:

Data format operations (JSON, XML, CSV, YAML)
Encoding/Decoding (Base64, Hex, URL, HTML entities)
Encryption/Decryption (AES, DES, RSA, RC4, Blowfish)
Hashing (MD5, SHA1, SHA256, SHA512, etc.)
Compression (Gzip, Zip, Bzip2, Zlib)
String operations (Find/Replace, Extract, Split, Join)
Binary operations (XOR, Bitwise operations)
Network operations (IP analysis, DNS, HTTP parsing)
Date/Time operations (Format conversion, calculations)
Image operations (Extract metadata, QR code generation)
Code beautify/minify (JavaScript, HTML, CSS, SQL)
Cryptographic analysis (Frequency analysis, entropy)
File type detection and parsing
Regular expressions and pattern matching
Mathematical operations

Installation and Setup

Step 1: Create Your Project Directory

Start by creating a new directory for your CyberChef deployment project and initialize a Git repository:

mkdir cyberchef-klutch
cd cyberchef-klutch
git init

This directory will contain your Dockerfile and configuration files for serving CyberChef.

Step 2: Create the Dockerfile

Create a Dockerfile in your project root directory. Klutch.sh will automatically detect this file and use it to build your container. Here’s a production-ready Dockerfile for CyberChef:

# Build stage
FROM node:18-alpine AS builder

# Set working directory
WORKDIR /app

# Clone CyberChef repository
RUN apk add --no-cache git && \
    git clone --depth 1 --branch v10.19.2 https://github.com/gchq/CyberChef.git . && \
    apk del git

# Install dependencies and build
RUN npm install && \
    npm run build

# Production stage
FROM nginx:alpine

# Copy built files from builder
COPY --from=builder /app/build/prod /usr/share/nginx/html

# Create nginx configuration
RUN cat > /etc/nginx/conf.d/default.conf <<'EOF'
server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
    index index.html;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;

    # Cache static assets
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # Main application
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Health check endpoint
    location /health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }
}
EOF

# Expose port
EXPOSE 80

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost/health || exit 1

# Start nginx
CMD ["nginx", "-g", "daemon off;"]

Key Features of This Dockerfile:

Multi-stage build to minimize final image size
Builds CyberChef from official GCHQ repository
Uses Nginx Alpine for efficient static file serving
Includes gzip compression for faster loading
Security headers for enhanced protection
Long cache times for static assets
Health check endpoint for monitoring
Optimized for production use

Step 3: Alternative Dockerfile (Pre-built Version)

If you prefer to use pre-built CyberChef releases, here’s an alternative Dockerfile:

FROM nginx:alpine

# Install dependencies
RUN apk add --no-cache wget unzip

# Download and extract CyberChef release
ARG CYBERCHEF_VERSION=10.19.2
RUN wget https://github.com/gchq/CyberChef/releases/download/v${CYBERCHEF_VERSION}/CyberChef_v${CYBERCHEF_VERSION}.zip && \
    unzip CyberChef_v${CYBERCHEF_VERSION}.zip -d /usr/share/nginx/html && \
    rm CyberChef_v${CYBERCHEF_VERSION}.zip && \
    apk del wget unzip

# Create nginx configuration
COPY nginx.conf /etc/nginx/conf.d/default.conf

# Expose port
EXPOSE 80

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost/health || exit 1

# Start nginx
CMD ["nginx", "-g", "daemon off;"]

Step 4: Create Nginx Configuration (for Alternative Dockerfile)

If using the alternative Dockerfile, create an nginx.conf file:

server {
    listen 80;
    server_name _;
    root /usr/share/nginx/html;
    index CyberChef_v10.19.2.html;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; img-src 'self' data: blob:;" always;

    # CORS headers (if needed for cross-origin access)
    # add_header Access-Control-Allow-Origin "*" always;
    # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;

    # Cache static assets
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }

    # Main application
    location / {
        try_files $uri $uri/ /CyberChef_v10.19.2.html;
    }

    # Redirect root to CyberChef
    location = / {
        return 301 /CyberChef_v10.19.2.html;
    }

    # Health check endpoint
    location /health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }
}

Step 5: Test Locally with Docker (Optional)

Before deploying to Klutch.sh, you can test your CyberChef setup locally:

# Build the Docker image
docker build -t my-cyberchef .

# Run the container
docker run -d \
  --name cyberchef \
  -p 8080:80 \
  my-cyberchef

# Check logs
docker logs cyberchef

# Access CyberChef at http://localhost:8080

Test some operations:

Navigate to http://localhost:8080
Try a simple Base64 encode operation
Test a recipe with multiple operations
Verify the interface loads correctly

When you’re done testing:

# Stop and remove container
docker stop cyberchef
docker rm cyberchef

Step 6: Create Documentation File

Create a README.md file documenting your CyberChef deployment:

# CyberChef Deployment

This repository contains the Docker configuration for deploying CyberChef on Klutch.sh.

## What is CyberChef?

CyberChef is a web-based application for carrying out cyber operations within a browser. It provides over 300 operations for data transformation, analysis, and manipulation.

## Features

- 300+ operations covering encoding, encryption, compression, and more
- Visual recipe builder with drag-and-drop interface
- Client-side processing (data never leaves your browser)
- Support for files and binary data
- Magic mode for automatic operation detection
- Recipe sharing via URLs

## Deployment

This Docker image serves CyberChef as a static application via Nginx.

### Building

```bash
docker build -t cyberchef .

Running

docker run -p 8080:80 cyberchef

Usage

Open CyberChef in your browser and start creating recipes!

Example Recipes

Decode JWT Token:

From Base64 (URL safe)
JSON Beautify

Extract Strings from Binary:

Extract strings
Find / Replace (filter noise)
Sort

Decrypt AES:

From Hex
AES Decrypt
To UTF8

Security Notes

All operations run client-side in the browser
No data is sent to external servers
Perfect for sensitive data operations
Runs entirely offline once loaded

License

CyberChef is licensed under Apache License 2.0.

### Step 7: Prepare Your Repository for Deployment

Commit your configuration files to your GitHub repository:

```bash
git add Dockerfile nginx.conf README.md
git commit -m "Add CyberChef Docker configuration"
git remote add origin https://github.com/yourusername/cyberchef-klutch.git
git branch -M main
git push -u origin main

Deploying to Klutch.sh

Now that your CyberChef project is ready and pushed to GitHub, follow these steps to deploy it on Klutch.sh.

Deployment Steps

Log in to Klutch.sh

Navigate to klutch.sh/app and sign in to your account.
Create a New Project

From your dashboard, create a new project. Give it a meaningful name like “Security Tools” to organize your deployments.
Create a New App

Within your project, create a new app for your CyberChef instance.
Select Your Repository
- Choose GitHub as your Git source
- Select the repository containing your CyberChef Dockerfile
- Choose the branch you want to deploy (typically main or master)
Configure Traffic Type
- Traffic Type: Select HTTP (CyberChef is a web application)
- Internal Port: Set to 80 (Nginx’s default HTTP port)
Environment Variables (Optional)

CyberChef doesn’t require environment variables as it’s a static application. However, you can add custom build variables if needed:
```
CYBERCHEF_VERSION=10.19.2
```
Configure Compute Resources

CyberChef is a lightweight static application. Select minimal resources:
- Small Deployment: 0.5 CPU, 512MB RAM (sufficient for most use cases)
- Standard Deployment: 1 CPU, 1GB RAM (recommended for team use)
Since all processing happens client-side in the browser, server resources are only used for serving static files.
Deploy Your Application

Click “Create” to start the deployment. Klutch.sh will:
- Automatically detect your Dockerfile in the repository root
- Build the Docker image with CyberChef
- Deploy the container with Nginx
- Assign a URL for accessing your CyberChef instance
Access Your CyberChef Instance

Once deployment is complete, you’ll receive a URL like example-app.klutch.sh. Navigate to this URL in your browser to access your CyberChef interface.
Verify Functionality

Test your deployment by:
- Opening the CyberChef interface
- Running a simple operation (e.g., Base64 encode)
- Creating a recipe with multiple operations
- Testing file upload functionality
- Verifying Magic mode works

Getting Started with CyberChef

After deployment, follow these steps to start using CyberChef for your data operations.

Understanding the Interface

Main Components:

Operations List (left panel): Browse and search 300+ operations
Recipe (center top): Your pipeline of operations
Input (center left): Paste or upload your data
Output (center right): See results in real-time
Controls (top bar): Bake, auto-bake, and other controls

Basic Workflow:

Drag operations from the left panel into the recipe
Configure operation parameters
Paste data into the input panel
Click “Bake” or enable “Auto Bake” for real-time results
View transformed data in the output panel

Common Operations and Examples

Example 1: Decode Base64 String

Let’s decode a Base64-encoded string:

Input: SGVsbG8sIFdvcmxkIQ==

Recipe:
1. From Base64

Output: Hello, World!

Example 2: Calculate File Hash

Generate SHA256 hash of text:

Input: This is my important data

Recipe:
1. SHA2 (Select SHA256)
2. To Hex

Output: 8f4e33f3dc3e414ff94e5fb6905cba8aa76f8612543d5a4e54...

Example 3: Decode JWT Token

Inspect a JSON Web Token:

Input: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Recipe:
1. JWT Decode

Output:
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"1234567890","name":"John Doe","iat":1516239022}

Example 4: Extract Strings from Binary

Pull readable text from a binary file:

Recipe:
1. Strings (minimum length: 4)
2. Unique
3. Sort

This extracts all readable text strings from uploaded binary data.

Example 5: Decode URL Parameters

Parse encoded URL query string:

Input: name%3DJohn%20Doe%26email%3Djohn%40example.com%26age%3D30

Recipe:
1. URL Decode
2. From Charcode (if needed)

Output: name=John Doe&email=john@example.com&age=30

Example 6: Encrypt with AES

Encrypt sensitive data:

Input: Secret message

Recipe:
1. To Hex
2. AES Encrypt
   - Key: MySecretKey123456
   - IV: RandomIV12345678
   - Mode: CBC
3. To Base64

Output: Encrypted Base64 string

Example 7: Analyze Character Frequency

Useful for cryptanalysis:

Input: Sample text to analyze

Recipe:
1. Frequency distribution
2. Chart

Shows frequency of each character, useful for decryption.

Example 8: Convert Image to Data URI

Create inline image data:

Recipe:
1. To Base64
2. Add line numbers (unchecked)
3. Find / Replace
   - Find: ^
   - Replace: data:image/png;base64,

Converts uploaded image to data URI for HTML.

Advanced Recipe Examples

Multi-Step Decoding:

Common pattern for analyzing obfuscated data:

Recipe:
1. URL Decode
2. From Base64
3. Gunzip
4. JSON Beautify
5. JPath expression ($.data.items[*].name)

This chain handles URL-encoded, Base64-encoded, gzipped JSON data.

Malware Analysis Pipeline:

Extract and analyze strings from suspicious files:

Recipe:
1. Strings (min length: 8)
2. Filter (regex: \b(?:http|ftp)s?://\S+)
3. Defang URL
4. Unique
5. Sort

Extracts URLs from binary and defangs them for safe handling.

Data Exfiltration Detection:

Find Base64-encoded data in logs:

Recipe:
1. Find / Replace (regex: ([A-Za-z0-9+/]{40,}={0,2}))
2. From Base64
3. Strings

Locates and decodes potential Base64-encoded data.

Using Magic Mode

Magic is CyberChef’s automatic operation detector:

Paste unknown encoded data into Input
Click the magic wand icon (Magic)
CyberChef analyzes patterns and suggests operations
Review suggested recipes
Click to apply the detected recipe

Example:

Input: 48656c6c6f2c20576f726c6421

Magic detects: From Hex
Output: Hello, World!

Magic can detect:

Base64 encoding
Hex encoding
URL encoding
Compression (Gzip, Deflate)
Common encryption patterns
Character encoding issues

Save Recipe:

Create your recipe
Click the save icon
Recipe is encoded in URL
Bookmark or share the URL

Load Recipe:

Click load icon
Paste shared recipe
Recipe operations appear
Add your input data

Example Recipe URL:

https://example-app.klutch.sh/#recipe=To_Base64('A-Za-z0-9%2B/%3D')

The recipe is encoded in the URL fragment, making it easy to share.

Working with Files

Upload Files:

Click “Load file” in Input panel
Select file from your computer
Operations process the file data
Works with text and binary files

Supported File Operations:

Extract strings from executables
Analyze file headers
Decompress archives
Parse image EXIF data
Extract ZIP contents
Read Office document metadata
Analyze PDF structure

Large File Handling:

CyberChef can handle reasonably large files (up to ~100MB depending on browser). For very large files:

Use chunked operations when available
Extract specific sections first
Consider preprocessing externally

Favourites System

Add to Favourites:

Find an operation you use frequently
Click the star icon on the operation
It appears in your Favourites category

Organize Workflow:

Add common operations to Favourites
Create custom recipes for frequent tasks
Build a personal toolkit

Keyboard Shortcuts

Essential Shortcuts:

Ctrl/Cmd + Enter - Bake recipe
Ctrl/Cmd + B - Toggle auto bake
Ctrl/Cmd + M - Toggle Magic
Ctrl/Cmd + S - Save recipe
Ctrl/Cmd + L - Load recipe
Ctrl/Cmd + F - Search operations

Real-World Use Cases

Security Analysis:

Analyzing suspicious email attachment:
1. Strings (extract readable text)
2. Find / Replace (filter for URLs/IPs)
3. Defang URL (make safe to view)
4. Entropy (detect encrypted sections)

Web Development:

Debug JWT token from API:
1. JWT Decode
2. Show Timestamp as Date
3. JSON Beautify

Forensics:

Extract data from memory dump:
1. Strings
2. Regular expression (find specific patterns)
3. To Table (organize findings)

Reverse Engineering:

Analyze obfuscated JavaScript:
1. URL Decode
2. JavaScript Beautify
3. Syntax highlighter
4. Extract URLs

Tips and Tricks

Performance Optimization:

Disable Auto Bake for large inputs
Use “Step through” to debug recipes
Filter operations with search
Break complex recipes into smaller parts

Data Format Detection:

If unsure of encoding:

Try Magic mode first
Look for patterns (= at end = Base64)
Test common operations (Base64, Hex, URL decode)
Check entropy (high entropy may indicate compression/encryption)

Recipe Development:

Start simple, add operations incrementally
Use “Breakpoint” to pause at specific operations
Test with sample data first
Save successful recipes for reuse

Production Best Practices

Security Recommendations

Access Control:

Use Klutch.sh authentication for team access
Consider VPN or IP whitelisting for sensitive deployments
Implement custom domain with TLS (Klutch.sh provides this)
Review nginx security headers configuration

Data Handling:

Remember: all processing is client-side
Data never leaves the user’s browser
Perfect for classified or sensitive information
No logging of input/output data
Consider disabling browser history for sensitive operations

Network Security:

# Additional security headers in nginx.conf
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header X-Frame-Options "DENY" always;

Compliance Considerations:

Document that data processing is client-side only
CyberChef itself sends no data to external servers
Suitable for HIPAA, PCI-DSS, and classified environments
Audit browser extensions that might intercept data
Consider air-gapped deployment for maximum security

Performance Optimization

Nginx Tuning:

# Optimize worker processes
worker_processes auto;
worker_connections 1024;

# Buffer sizes
client_body_buffer_size 16K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 8k;

# Timeouts
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;

Caching Strategy:

The Dockerfile already includes aggressive caching:

Static assets cached for 1 year
Immutable flag prevents revalidation
Gzip compression enabled
Minimal server resources needed

Browser Performance:

Modern browser recommended (Chrome, Firefox, Edge)
Sufficient RAM for large file operations
WebAssembly support for faster operations
Web Workers enabled for parallel processing

Monitoring and Maintenance

Health Monitoring:

The Dockerfile includes a health check endpoint:

# Test health endpoint
curl https://example-app.klutch.sh/health

Monitoring Metrics:

Container health status
Response time for static assets
Memory usage (should be minimal)
Error rate (4xx, 5xx responses)

Update Strategy:

Check for CyberChef updates regularly:

# Update to new version
# Edit Dockerfile to change version number
ARG CYBERCHEF_VERSION=10.20.0

# Rebuild and redeploy
git add Dockerfile
git commit -m "Update CyberChef to v10.20.0"
git push

Klutch.sh will automatically rebuild and deploy the new version.

Backup Considerations:

Since CyberChef is stateless:

No data to backup (everything is client-side)
Configuration is in your Git repository
Recipes are saved in URLs (users manage their own)
No database or persistent storage needed

Scaling Considerations

Horizontal Scaling:

CyberChef scales effortlessly:

Pure static content (no server state)
Can run multiple instances without coordination
Load balancer can distribute traffic
Each instance is independent

Resource Requirements:

Expected load per instance:
- 10 concurrent users: 0.5 CPU, 512MB RAM
- 50 concurrent users: 1 CPU, 1GB RAM
- 100+ concurrent users: 2 CPU, 2GB RAM

Network bandwidth per user:
- Initial load: ~5-10 MB (app download)
- Subsequent: <1 KB (HTML only)
- All processing is client-side

CDN Integration:

For global teams, consider:

Custom domain with CloudFlare
Edge caching for faster global access
DDoS protection
Geographic routing

Troubleshooting

Common Issues and Solutions

Issue: CyberChef Interface Not Loading

Check: Verify container is running in Klutch.sh dashboard
Check: Confirm internal port 80 is correctly configured
Check: Ensure HTTP traffic type is selected
Check: Review container logs for Nginx errors
Solution: Restart deployment if configuration changed
Solution: Verify Dockerfile built successfully
Solution: Test health endpoint: /health

Issue: Operations Not Working

Cause: Browser compatibility or JavaScript errors
Check: Use modern browser (Chrome, Firefox, Edge)
Check: Enable JavaScript
Check: Check browser console for errors
Solution: Clear browser cache and reload
Solution: Try different browser
Solution: Disable browser extensions that might interfere

Issue: Large Files Causing Browser Crashes

Cause: Insufficient browser memory
Check: File size (CyberChef handles up to ~100MB)
Check: Browser available memory
Solution: Process files in chunks
Solution: Extract specific sections first
Solution: Use more powerful computer
Solution: Consider preprocessing large files externally

Issue: Recipe URL Not Working

Cause: URL encoding issues
Check: Ensure complete URL is copied
Check: Special characters properly encoded
Solution: Use “Save recipe” feature instead of manual URL
Solution: Share recipe text directly
Solution: Test recipe locally first

Issue: Slow Performance

Cause: Complex operations or large data
Check: Disable Auto Bake for large inputs
Check: Browser performance
Solution: Break recipe into smaller steps
Solution: Use more efficient operations
Solution: Update to latest browser version
Solution: Close unnecessary browser tabs

Issue: Nginx 413 Error (Request Too Large)

Cause: File upload exceeds nginx limit
Check: File size limit in nginx configuration
Solution: Increase client_max_body_size in nginx.conf:

client_max_body_size 100m;

Then rebuild and redeploy.

Issue: Security Headers Blocking Functionality

Cause: Too restrictive Content Security Policy
Check: Browser console for CSP violations
Solution: Adjust CSP in nginx.conf:

add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; img-src 'self' data: blob:;" always;

Issue: Mobile Device Performance

Cause: Mobile browsers have limited resources
Check: Device capabilities
Solution: Use desktop browser for complex operations
Solution: Reduce data size
Solution: Use simpler recipes

Getting Help

If you encounter issues not covered here:

Review CyberChef Wiki
Check CyberChef GitHub Issues
Visit Official CyberChef Demo
Review Contributing Guide
Contact Klutch.sh support through the dashboard

Advanced Configuration

Custom Domain Configuration

Use your own domain for better branding:

Configure custom domain in Klutch.sh (see custom domains guide)
Update DNS records to point to your Klutch.sh app
Klutch.sh automatically provisions TLS certificate
Access via your custom domain (e.g., tools.yourdomain.com)

Custom Branding

Customize CyberChef appearance:

Add Custom Logo:

Modify the build to include your organization’s logo:

# In Dockerfile, after copying built files
COPY logo.png /usr/share/nginx/html/images/logo.png

Custom Styling:

Add custom CSS to override default styles:

#banner {
    background-color: #1a1a2e;
}

#operations {
    background-color: #16213e;
}

.operation {
    background-color: #0f3460;
    border-color: #e94560;
}

Include in Dockerfile:

COPY custom-style.css /usr/share/nginx/html/assets/css/custom.css

Nginx Advanced Configuration

Rate Limiting:

Prevent abuse with rate limiting:

# Add to http block
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

# Add to server block
location / {
    limit_req zone=one burst=20 nodelay;
    try_files $uri $uri/ /index.html;
}

Access Logging:

Configure detailed access logs:

# Custom log format
log_format main '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent"';

access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;

SSL/TLS Optimization:

If using custom domain with TLS:

# Modern SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

Building Custom CyberChef

Create a custom build with only needed operations:

Create custom build configuration:

module.exports = {
    // Only include specific operations
    includeModules: [
        "Default",
        "Encoding",
        "Encryption",
        "Compression",
        "Hashing"
    ],
    excludeModules: [
        "Multimedia",
        "Logical",
        "DateTime"
    ]
};

Modified Dockerfile:

FROM node:18-alpine AS builder
WORKDIR /app

# Clone and configure
RUN apk add --no-cache git && \
    git clone --depth 1 https://github.com/gchq/CyberChef.git . && \
    apk del git

# Copy custom config
COPY custom-build-config.js .

# Build with custom config
RUN npm install && \
    npm run build -- --config custom-build-config.js

# ... rest of Dockerfile

Embedding CyberChef

Embed CyberChef in other applications:

Iframe Embed:

<iframe
  src="https://example-app.klutch.sh"
  width="100%"
  height="800"
  frameborder="0"
  allowfullscreen>
</iframe>

With Specific Recipe:

<iframe
  src="https://example-app.klutch.sh/#recipe=To_Base64('A-Za-z0-9%2B/%3D')"
  width="100%"
  height="800"
  frameborder="0">
</iframe>

API-like Usage:

While CyberChef doesn’t have a traditional API, you can programmatically generate recipe URLs:

// Generate CyberChef URL with recipe
function generateCyberChefURL(operations, input) {
  const recipeStr = operations.map(op =>
    `${op.name}(${op.params.map(JSON.stringify).join(',')})`
  ).join(',');

  const encodedRecipe = encodeURIComponent(recipeStr);
  return `https://example-app.klutch.sh/#recipe=${encodedRecipe}&input=${encodeURIComponent(input)}`;
}

// Usage
const url = generateCyberChefURL([
  { name: 'From_Base64', params: ['A-Za-z0-9+/=', true] }
], 'SGVsbG8gV29ybGQ=');

console.log(url);

Integration with Security Tools

SIEM Integration:

Create links to CyberChef from SIEM alerts:

# Python example: Generate CyberChef analysis link
def analyze_in_cyberchef(encoded_data):
    base_url = "https://example-app.klutch.sh"
    recipe = "#recipe=From_Base64('A-Za-z0-9%2B/%3D')URL_Decode()JSON_Beautify('%20%20%20%20')"
    input_param = f"&input={urllib.parse.quote(encoded_data)}"
    return f"{base_url}{recipe}{input_param}"

# Use in alert handler
alert_data = get_alert_payload()
analysis_url = analyze_in_cyberchef(alert_data)
send_to_analyst(analysis_url)

Forensics Workflow:

Integrate with forensics tools:

#!/bin/bash
# Extract and analyze strings from suspicious file

strings suspicious.bin > extracted.txt

# Generate CyberChef URL for analysis
DATA=$(cat extracted.txt | base64)
RECIPE="Find_/_Replace(%7B'option':'Regex','string':'%5B%5E%5Cs%5D%2B'%7D,'%5C%5Cn',true,false,true,false)"
echo "Analyze in CyberChef:"
echo "https://example-app.klutch.sh/#recipe=${RECIPE}&input=${DATA}"

Additional Resources

Conclusion

Deploying CyberChef on Klutch.sh provides a powerful, private data transformation and analysis platform where all processing happens client-side in the browser. With automated Docker detection, optimized static file serving, comprehensive security headers, and reliable infrastructure, Klutch.sh makes it easy to host your own instance of this essential security tool.

By following this comprehensive guide, you’ve learned how to:

Create a production-ready Dockerfile for CyberChef with Nginx
Optimize static file serving with compression and caching
Configure security headers for enhanced protection
Deploy a lightweight, fast-loading static application
Use 300+ operations for data transformation and analysis
Create complex recipes by chaining operations
Utilize Magic mode for automatic encoding detection
Save and share recipes with your team
Handle files and binary data in the browser
Implement security best practices for sensitive data
Troubleshoot common deployment and usage issues
Customize and brand CyberChef for your organization
Integrate with security tools and workflows

Your CyberChef instance is now ready to handle encoding, decoding, encryption, compression, hashing, and hundreds of other operations for your cybersecurity and development needs. Since all processing happens client-side, you can work with sensitive data knowing it never leaves the browser—perfect for security-conscious organizations and compliance-sensitive environments. Enjoy having your own private instance of the Cyber Swiss Army Knife!