Burp Decoder is a tool that allows the tester to convert raw data into encoded data or to take encoded data and convert it back to plain text. The decoder supports several formats including URL encoding, HTML encoding, Base64 encoding, binary code, hashed data, and others. The decoder also includes a built-in hex editor.
- Decoder Improved - Improved decoder for Burp Suite.
- Cyber Security Transformation Chef - The Cyber Security Transformation Chef (CSTC) is a Burp Suite extension. It is built for security experts to extend Burp Suite for chaining simple operations for each incoming or outgoing message.
- The Decoder tool in Burp Suite does the job of encoding and decoding data. Applications need to encode data while transmitting it and, in many cases, use encoding as a security measure. Encoding is not a security measure, but a lot of developers mistake it for one.
Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.
Loading data into Decoder
You can load data into Decoder in two ways:
- Type or paste it directly into the top editor panel.
- Select data anywhere within Burp, and choose 'Send to Decoder' from the context menu.
You can use the 'Text' and 'Hex' buttons to toggle the type of editor to use on your data.
Transformations
Different transformations can be applied to different parts of the data. The following decode and encode operations are available:
- URL
- HTML
- Base64
- ASCII hex
- Hex
- Octal
- Binary
- GZIP
Additionally, various common hash functions are available, dependent upon the capabilities of your Java platform.
When a part of the data has a transformation applied, the following things happen:
- The part of the data to be transformed is colorized accordingly. (View the manual drop-down lists to see the colors used.)
- A new editor is opened showing the results of all the applied transformations. Any parts of the data that have not been transformed are copied into the new panel in their raw form.
The new editor enables you to work recursively, applying multiple layers of transformations to the same data, to unpack or apply complex encoding schemes. Further, you can edit the transformed data in any of the editor panels, not only the top panel. So, for example, you can take a complex data structure, perform URL and HTML decoding on it, edit the decoded data, and then reapply the HTML and URL encoding (in reverse order), to generate modified but validly formatted data to use in an attack.
Working manually
To perform manual decoding and encoding, use the drop-down lists to select the required transformation. The chosen transformation will be applied to the selected data, or to the whole data if nothing is selected.
Smart decoding
On any panel within Decoder, you can click the 'Smart Decode' button. Burp will then attempt to intelligently decode the contents of that panel by looking for data that appears to be encoded in recognizable formats such as URL-encoding or HTML-encoding. This action is performed recursively, continuing until no further recognizable data formats are detected. This option can be a useful first step when you have identified some opaque data, and want to take a quick look to see if it can be easily decoded into a more recognizable form. The decoding that is applied to each part of the data is indicated using the usual colorization.
Because Burp Decoder makes a 'best guess' attempt to recognize some common encoding formats, it will sometimes make mistakes. When this occurs, you can easily see all of the stages involved in the decoding, and the transformation that was applied at each position. You can then manually fix any incorrect transformations using the manual controls, and continue the decoding manually or smartly from this point.
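The recursive, stage-by-stage decoding described under Smart decoding can be sketched as follows. This is an added example, not Burp's code or its actual heuristics; the function names, the three heuristics, and the sample input are assumptions constructed here, and only URL, HTML and Base64 are covered.

```python
import base64
import binascii
import html
import re
from urllib.parse import quote, unquote

B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")

def try_url(s):
    # Heuristic: at least one %XX escape is present.
    return unquote(s) if re.search(r"%[0-9A-Fa-f]{2}", s) else None

def try_html(s):
    # Heuristic: contains something shaped like an entity (&lt; or &#x3c;).
    return html.unescape(s) if re.search(r"&(#\d+|#x[0-9A-Fa-f]+|\w+);", s) else None

def try_base64(s):
    # Heuristic: Base64 alphabet, padded length, decodes to printable UTF-8.
    if len(s) % 4 or not B64_RE.match(s):
        return None
    try:
        text = base64.b64decode(s, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

DECODERS = (("URL", try_url), ("HTML", try_html), ("Base64", try_base64))

def smart_decode(data, max_depth=10):
    """Peel layers until nothing is recognised; return (text, stages)."""
    stages = []  # [(encoding_name, result)], so a wrong guess stays visible
    for _ in range(max_depth):
        for name, decode in DECODERS:
            out = decode(data)
            if out is not None and out != data:
                stages.append((name, out))
                data = out
                break
        else:
            break  # no decoder fired on this pass: stop
    return data, stages

def build_sample(plain="<b>role=admin</b>"):
    # Constructed input: HTML-encode, then Base64, then URL-encode.
    b64 = base64.b64encode(html.escape(plain).encode()).decode()
    return quote(b64, safe="")

if __name__ == "__main__":
    for name, out in smart_decode(build_sample())[1]:
        print(f"{name:7} -> {out}")
```

Keeping the list of stages is what makes a bad guess recoverable: any run of Base64-alphabet characters that happens to decode to printable text will be treated as Base64, so each layer has to be inspectable.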