Decoder

This is a useful tool for performing manual or intelligent decoding and encoding of application data.

1. In Burp, go to "Proxy" > "HTTP history" tab.

2. Open the display filter by clicking on the filter tab.

3. Enter the search text == in the search box under the "Filter by search term" section.

   

4. Select the POST request to /login page.

5. In the request body, select the base64 encoded text value for the parameter "JSESSIONID3".

6. Right-click and select "Send to Decoder" option.

   

7. Switch to the "Decoder" tab.

8. In Burp > "Decoder" tab, click on the "Decode as ..." dropdown menu, and select "Base64" option from the dropdown list.

   

9. You should see the decoded text in a new box.

   

10. In "Decoder" tab, overwrite the value in the first input box with following value:

    https://192.168.56.104/lessons/fdb94122d0f032821019c7edf09dc62ea21e25ca619ed9107bcc50e4a8dbc100.jsp

11. Click on "Encode as ..." > "URL".

    

12. The URL encoded value should appear in a new table.

13. Click on "Encode as ..." > "HTML".

14. The HTML encoded value should appear in a new table.

    

15. Click on "Smart decode" button, against the box that holds (URL + HTML) encoded value, to see the original URL being retrieved automatically by Burp Decoder.