Encode and Decode Data in Burp Decoder

Introduction

Burp Suite is an essential toolkit for web application security testing. One of its most versatile tools is the Burp Decoder. Decoder allows you to transform data from one format to another, a process known as encoding and decoding. This is crucial when dealing with data that is obfuscated or transmitted in specific formats, such as Base64, URL, or HTML.

In this lab, you will get hands-on experience with Burp Decoder. You will learn how to take an encoded piece of data, decode it to its original form, modify it, and then re-encode it. This fundamental skill is used daily by security professionals to analyze and manipulate data within web applications.

Copy a Base64-Encoded String to Your Clipboard

In this step, you will begin by copying a sample Base64-encoded string. We have prepared a file containing this string in your project directory.

First, open a Terminal from the application menu on your desktop.

Next, use the cat command to display the content of the file base64_string.txt:

cat ~/project/base64_string.txt

You should see the following output:

TGFiRXggcm9ja3Mh

Now, use your mouse to highlight the string TGFiRXggcm9ja3Mh and copy it to your clipboard (usually by right-clicking and selecting 'Copy', or using the Ctrl+Shift+C shortcut).

Paste the String into the Burp Decoder Window

In this step, you will launch Burp Suite and paste the copied string into the Decoder tool.

First, find and launch Burp Suite. You can typically find it in the application menu, often under a category like 'Web' or 'Security'.

When Burp Suite starts, a splash screen will appear. Select 'Temporary project' and then click 'Next'. On the next screen, select 'Use Burp defaults' and click 'Start Burp'.

Once the main Burp Suite window opens, navigate to the Decoder tab. You will see it among the top-level tabs like 'Proxy', 'Intruder', etc.

The Decoder interface has a large text pane at the top. Click inside this pane and paste the Base64 string you copied in the previous step (using Ctrl+V or right-click and 'Paste'). Your pasted text should now appear in the top section of the window.

Now that you have the encoded data in Decoder, the next step is to decode it. Burp Decoder supports many common encoding and hashing formats.

On the right side of the window, you will see a set of buttons. Click the 'Decode as...' dropdown menu.

A list of decoding options will appear. From this list, select 'Base64'.

Instantly, the decoded text will appear in the output pane below. You should see the original, human-readable string:

LabEx rocks!

This demonstrates the basic decoding functionality. You have successfully converted a Base64 string back into its original text form.

Modify the Decoded Text

In this step, you will modify the decoded text directly within Burp Decoder. This is a powerful feature that allows you to manipulate data on the fly before re-encoding it.

The output pane where 'LabEx rocks!' is displayed is an editable field. Click inside this pane and change the text. For this lab, let's change it to:

Burp is cool!

As you type, you will notice that the representation in the top pane (the raw, original data) changes in real time. This shows you the live effect of your modifications.

Finally, you will re-encode your modified text back into the Base64 format. This completes the cycle of decoding, modifying, and encoding data.

With your modified text 'Burp is cool!' still in the output pane, look to the right-hand side buttons again. This time, click the 'Encode as...' dropdown menu.

From the list of encoding options, select 'Base64'.

The text in the top pane will now update to the new Base64 representation of your modified string. It should now be:

QnVycCBpcyBjb29sIQ==

You have now successfully taken an original string, decoded it, changed its content, and re-encoded it into Base64. This is a common workflow when testing for vulnerabilities like authorization bypasses or parameter tampering.
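The same decode, modify and re-encode cycle can be reproduced outside Burp, and it shows why a server must not trust a Base64 value on its own: the encoding carries no integrity protection. The Python below is an added example, not part of the original lab; the HMAC tag, the key SERVER_KEY and the helper names are assumptions introduced for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real service loads this from a secret store.
SERVER_KEY = b"constructed-demo-key"


def b64_decode(value: str) -> str:
    """Equivalent of Decoder's 'Decode as...' > 'Base64'; rejects stray characters."""
    return base64.b64decode(value, validate=True).decode("utf-8")


def b64_encode(text: str) -> str:
    """Equivalent of Decoder's 'Encode as...' > 'Base64'."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def _tag(value: str) -> str:
    """HMAC-SHA256 over the encoded value, keyed with the server-side secret."""
    return hmac.new(SERVER_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()


def sign(value: str) -> str:
    """Server side: issue the value with a tag appended ('.' is not a Base64 character)."""
    return f"{value}.{_tag(value)}"


def verify(token: str) -> bool:
    """Server side: recompute the tag and compare in constant time."""
    value, sep, tag = token.rpartition(".")
    expected = _tag(value).encode("utf-8")
    return bool(sep) and hmac.compare_digest(tag.encode("utf-8"), expected)


def reencode_keeping_tag(token: str, new_text: str) -> str:
    """What the lab's workflow yields: new Base64 content, but the old tag."""
    _, _, tag = token.rpartition(".")
    return f"{b64_encode(new_text)}.{tag}"


if __name__ == "__main__":
    original = "TGFiRXggcm9ja3Mh"  # string from base64_string.txt
    print(b64_decode(original))  # LabEx rocks!
    print(b64_encode("Burp is cool!"))  # QnVycCBpcyBjb29sIQ==
    token = sign(original)
    print(verify(token))  # True
    print(verify(reencode_keeping_tag(token, "Burp is cool!")))  # False
```

A bare Base64 value passes any check that only decodes it, whereas the signed form fails verification as soon as the content is edited without the key.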

Summary

Congratulations! You have successfully completed this lab on using the Burp Decoder.

In this lab, you learned how to:

  • Paste data into the Burp Decoder.
  • Decode data from Base64 to plaintext.
  • Modify the decoded plaintext data directly in the interface.
  • Re-encode the modified data back into Base64 format.

This is a fundamental skill for any web security tester, as it allows for the quick analysis and manipulation of data exchanged between a client and a server. Mastering the Decoder will significantly speed up your workflow during penetration tests.