• Skip to main content
  • Skip to primary sidebar

Technipages

Tutorials and fixes for smartphone, gadget, and computer problems

  • Topics
    • Android
    • Gaming
    • Hardware
    • Internet
    • iOS
    • MacOS
    • Office
    • Software
    • Windows
    • Definitions
  • Product Reviews
  • Downloads
  • About Technipages
How to Use Burp Suite Decoder

How to Use Burp Suite Decoder

By Mel Hawthorne Leave a Comment

When using Burp Suite, you may often come across data that is using some form of encoding. Encoding is generally designed to configure the data so that the computer system can handle it, unfortunately, it generally makes it impossible, or at least difficult to read. In some cases, the data can be decoded back to a human-readable form, but in other cases, the encoded data was already random and won’t produce intelligible results. Burp includes a tool called “Decoder” to help decode data so you can see what it says, or if it doesn’t contain human-readable data.

How to decode data

To add data to Decoder you can either type it manually, paste it from the clipboard, or you can right-click on it in the Target, Proxy, Intruder, or Repeater tabs and click “Send to Decoder”. You can do this with entire requests; however, it will generally be more helpful to limit it to just the data you want to be decoded by highlighting it before you right-click.

Right-click on the data you want to be decoded, then click “Send to Decoder”.

Once you’ve got data in Decoder, you can decode it by clicking the “Decode as” button on the right and selecting the encoding scheme you think it is using. All of the options will work for any input, but they might not produce printable characters, which generally means that it wasn’t using that encoding or that the data was just randomly generated.

The encodings you can choose between are Plain, URL, HTML, Base64, ASCII hex, Hex, Octal, Binary, and Gzip. Select one of these from the dropdown box and Burp will display the output in a new box below. The new box comes with its own set of identical controls, so if you find that the output is still encoded you can decode it again, even if the decoding type is different. For example, if you decode a Base64 string and find another Base64 string, you can decode that too.

Tip: You can chain together many levels of decoding; you’re not limited to just one or two stages.

You can decode data, then decode the result again, if there are multiple levels of encoding.

How to encode data

You can also use Decoder to encode data in all of the available encoding methods by clicking “Encode as” and selecting an encoding method. This is useful if you need to decode a string, modify it, then need to re-encode it to insert the change into a web request.

Tip: The encoding isn’t particularly smart; for example, alphanumeric characters don’t need to be encoded in URLs as they are valid characters, but the URL encoder will encode every character.

You can also generate a hash of a string by clicking on “Hash” and then selecting an algorithm. Burp does not offer a way to reverse a hash as this is not possible because hashes are one-way functions.

Tip: Any combination of decoding, encoding, and hashing is possible with Decoder, although some orders of operation will not make logical sense.

You can also use Decoder to encode data or hash it.

You can decode, encode, or hash a portion of a string in Decoder by highlighting it before selecting how it should be handled. This is useful if you have two variables encoded with different methods.

Note: Decoder doesn’t support sub-tabs, so you can only manage one input at a time. Be careful to copy the result of a process before sending more data to Decoder unless you’re ok with losing it.

You Might Also Like

  • What Is Burp Suite?
    What Is Burp Suite?
  • How to Use Burp Suite Repeater
    How to Use Burp Suite Repeater
  • How to Set up a Proxy Listener in Burp Suite
    How to Set up a Proxy Listener in Burp Suite
  • How to Filter the HTTP History in Burp Suite
    How to Filter the HTTP History in Burp Suite
  • How Does Burp Suite’s Intercept Function Work?
    How Does Burp Suite’s Intercept Function Work?
  • How to Add Websites to Burp Suite’s Target Scope
    How to Add Websites to Burp Suite’s Target Scope
  • How to Import Burp Suite’s HTTPS Certificate in Windows
    How to Import Burp Suite’s HTTPS Certificate in Windows
  • How to Automatically Replace Data in a Web Response With Burp Suite
    How to Automatically Replace Data in a Web Response With…
  • How to Configure Burp Suite to Intercept Network Traffic
    How to Configure Burp Suite to Intercept Network Traffic

Filed Under: Internet, Software

Reader Interactions

Did this help? Let us know!

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Recent Posts

  • How to Enable Dark Mode in Firefox
  • Windows 11: How to Add Clocks with Different Time Zones
  • Google Assistant: How to Never Miss a Birthday
  • Windows 11: How to Disable Notifications and Ads
  • How to Use Oculus Quest 2 Air Link
  • How to Create an Avatar in the Oculus Quest 2
  • 5 Free and Fun Math Apps for Kids
  • Windows 11: How to Discover What Graphics Card You’re Using

Who’s Behind Technipages?

Baby and Daddy My name is Mitch Bartlett. I've been working in technology for over 20 years in a wide range of tech jobs from Tech Support to Software Testing. I started this site as a technical guide for myself and it has grown into what I hope is a useful reference for all.

© Copyright 2022 Technipages · All Rights Reserved · Privacy