Appsec

Decoder

This is a useful tool for performing manual or intelligent decoding and encoding of application data.

  1. In Burp, go to "Proxy" > "HTTP history" tab.

  2. Open the display filter by clicking on the filter tab.

  3. Enter the search text == in the search box under the "Filter by search term" section.

  4. Select the POST request to /login page.

  5. In the request body, select the base64 encoded text value for the parameter "JSESSIONID3".

  6. Right-click and select "Send to Decoder" option.

  7. Switch to the "Decoder" tab.

  8. In Burp > "Decoder" tab, click on the "Decode as ..." dropdown menu, and select "Base64" option from the dropdown list.

  9. You should see the decoded text in a new box.

  10. In "Decoder" tab, overwrite the value in the first input box with following value:

    https://192.168.56.104/lessons/fdb94122d0f032821019c7edf09dc62ea21e25ca619ed9107bcc50e4a8dbc100.jsp

  11. Click on "Encode as ..." > "URL".

  12. The URL encoded value should appear in a new table.

  13. Click on "Encode as ..." > "HTML".

  14. The HTML encoded value should appear in a new table.

  15. Click on "Smart decode" button, against the box that holds (URL + HTML) encoded value, to see the original URL being retrieved automatically by Burp Decoder.

PreviousSequencerNextComparer

Last updated