Home

 

 

Blog

 

Burp suite
About
Screenshots
Help
Download
Professional

 

Burp intruder

 

Burp proxy

 

Burp spider

 

Burp sequencer

 

Burp repeater

 

Books

 

Misc

 

 

RSS

 



Search site
 




Burp Decoder help

Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognising several encoding formats using heuristic techniques.

To start using Burp Decoder, you can simply type or paste some data into the main panel. In a typical situation, however, you will identify some "interesting" data in the course of using one of the other Burp tools, and you can use the "send to decoder" option to automatically load the relevant information into the tool:

You can use the "text" and "hex" radio buttons to toggle the editor to use on your data.

When you have loaded some interesting data into Burp Decoder, you can use the various encoding and decoding functions to manipulate it. There are two primary ways in which you will typically employ Burp Decoder: manually, and using smart decode

Manual decoding and encoding

To perform manual decoding and/or encoding, you use the drop-down lists to select the required operation. If no data has been selected, the operation will applied to the entire data; otherwise, it will be applied only to the selected data.

The following decode and encode operations are available:

  • URL
  • HTML
  • Base64
  • ASCII hex
  • hex
  • octal
  • binary
  • GZIP

In addition to the decode and encode operations, various common hash functions are available, dependent upon the capabilities of your Java Runtime Environment.

The operation which has been applied to each character within the input data is indicated using the same colourisation as is used in the drop-down lists. When one or more operations have been applied, an additional panel appears containing the results of the operation. Data which has not been manipulated is copied into the new panel in its raw form; other data is inserted based on the results of the configured manipulation. It is possible to perform multiple different operations at different positions within the input data:

When an additional panel has appeared, this has the same capabilities as the original panel, and you can modify the raw data, and select additional decoding or encoding operations as required. This will result in a further panel appearing, enabling you to perform multiple recursive operations on a piece of input data, and view the results of each stage.

Smart decode

On any panel within Burp Decoder, you can click the "smart decode" button. This will cause Burp Decoder to attempt to intelligently decode the contents of that panel by looking for data that appears to be encoded in recognisable formats such as URL-encoding or HTML-encoding. When this action is requested, it is performed recursively, continuing until no further recognisable data formats are identified. This option can be a useful first step when you have identified some opaque data within an application request or response, and want to take a quick look to see if it can be easily decoded into a more recognisable form. The decoding that has been applied to each position within the input data is indicated using the usual colourisation:

Because Burp Decoder makes a "best guess" attempt to recognise some common encoding formats, it will sometimes make mistakes. When this occurs, you can easily see all of the stages involved in the decode, and the operation applied at each position, so you can manually "correct" any particular operation, and continue the decoding manually or smartly from this point.

Copyright (c) 2007 PortSwigger. All rights reserved.