• Skip to main content
  • Skip to primary sidebar

Technipages

Tutorials and fixes for smartphone, gadget, and computer problems

  • Topics
    • Android
    • Browsers
    • Gaming
    • Hardware
    • Internet
    • iPhone
    • Linux
    • macOS
    • Office
    • Reviews
    • Software
    • Windows
    • Definitions
  • Product Reviews
  • Downloads
  • About
How to Use Burp Suite Decoder

How to Use Burp Suite Decoder

November 9, 2020 by Mel Hawthorne Leave a Comment

When using Burp Suite, you may often come across data that is using some form of encoding. Encoding is generally designed to configure the data so that the computer system can handle it, unfortunately, it generally makes it impossible, or at least difficult to read. In some cases, the data can be decoded back to a human-readable form, but in other cases, the encoded data was already random and won’t produce intelligible results. Burp includes a tool called “Decoder” to help decode data so you can see what it says, or if it doesn’t contain human-readable data.

How to decode data

To add data to Decoder you can either type it manually, paste it from the clipboard, or you can right-click on it in the Target, Proxy, Intruder, or Repeater tabs and click “Send to Decoder”. You can do this with entire requests; however, it will generally be more helpful to limit it to just the data you want to be decoded by highlighting it before you right-click.

Right-click on the data you want to be decoded, then click “Send to Decoder”.

Once you’ve got data in Decoder, you can decode it by clicking the “Decode as” button on the right and selecting the encoding scheme you think it is using. All of the options will work for any input, but they might not produce printable characters, which generally means that it wasn’t using that encoding or that the data was just randomly generated.

The encodings you can choose between are Plain, URL, HTML, Base64, ASCII hex, Hex, Octal, Binary, and Gzip. Select one of these from the dropdown box and Burp will display the output in a new box below. The new box comes with its own set of identical controls, so if you find that the output is still encoded you can decode it again, even if the decoding type is different. For example, if you decode a Base64 string and find another Base64 string, you can decode that too.

Tip: You can chain together many levels of decoding; you’re not limited to just one or two stages.

You can decode data, then decode the result again, if there are multiple levels of encoding.

How to encode data

You can also use Decoder to encode data in all of the available encoding methods by clicking “Encode as” and selecting an encoding method. This is useful if you need to decode a string, modify it, then need to re-encode it to insert the change into a web request.

Tip: The encoding isn’t particularly smart; for example, alphanumeric characters don’t need to be encoded in URLs as they are valid characters, but the URL encoder will encode every character.

You can also generate a hash of a string by clicking on “Hash” and then selecting an algorithm. Burp does not offer a way to reverse a hash as this is not possible because hashes are one-way functions.

Tip: Any combination of decoding, encoding, and hashing is possible with Decoder, although some orders of operation will not make logical sense.

You can also use Decoder to encode data or hash it.

You can decode, encode, or hash a portion of a string in Decoder by highlighting it before selecting how it should be handled. This is useful if you have two variables encoded with different methods.

Note: Decoder doesn’t support sub-tabs, so you can only manage one input at a time. Be careful to copy the result of a process before sending more data to Decoder unless you’re ok with losing it.

You Might Also Like

  • What Is Burp Suite?
    What Is Burp Suite?
  • How to Use Burp Suite Repeater
    How to Use Burp Suite Repeater
  • How to Set up a Proxy Listener in Burp Suite
    How to Set up a Proxy Listener in Burp Suite
  • How to Filter the HTTP History in Burp Suite
    How to Filter the HTTP History in Burp Suite
  • How Does Burp Suite’s Intercept Function Work?
    How Does Burp Suite’s Intercept Function Work?
  • How to Add Websites to Burp Suite’s Target Scope
    How to Add Websites to Burp Suite’s Target Scope

Filed Under: Internet, Software

Reader Interactions

Did this help? Let us know!

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Recent Posts

  • How to Find Your Lost Samsung Phone
  • How to Change Microsoft 365 Two-Factor Authentication
  • How to Export Chrome Bookmarks
  • How to Make Your iPad’s Keyboard Bigger
  • How to Enable and Manage Do Not Disturb on iPad (iPadOS 16.5)
  • How to Put Apps to Sleep in Windows 11
  • Fix: Excel Opens in Tiny Window
  • What is SMPS?

Who’s Behind Technipages?

Baby and Daddy My name is Mitch Bartlett. I've been working in technology for over 20 years in a wide range of tech jobs from Tech Support to Software Testing. I started this site as a technical guide for myself and it has grown into what I hope is a useful reference for all.

© Copyright 2023 Guiding Tech Media · All Rights Reserved · Privacy