Burp Suite is a powerful tool for web application security testing. It allows you to intercept, inspect and modify the traffic between your browser and the target application. One of the most useful features of Burp Suite is the Decoder, which lets you decode and encode data in various formats.
We can use Burp Suite Decoder to perform simple tasks like hashing input using 50+ algorithms like MD5, SHA, Tiger, etc. It is most commonly used for decoding and encoding URL-encoded data, Base64-encoded data, hexadecimal and octal data, HTML entities, and JSON data.
How to Access Burp Suite Decoder
You can access Burp Suite Decoder by clicking the Decoder tab in the tab menu of the main window.
You can also send data from other Burp Suite tools such as Proxy, Repeater, or Intruder into the input section of the Decoder by selecting the data and clicking the Send to Decoder button in the right-click menu. Alternatively, you can assign a keyboard shortcut to “Send to Decoder” in the user hotkey settings.
If you simply right-click and choose Send to Decoder without selecting anything, the whole request or response is sent to the Decoder input.
The Decoder window consists of three main sections:
- The input section, where you can enter or paste the data that you want to perform operations with.
- The output section, where you can see the result of the action. This can again be used as input.
- The actions section, where you can select the type of decoding/encoding or hashing that you want to perform.
Decode and Encode Data in Burp Suite
To encode data, follow these steps:
- Enter or paste the data that you want to encode into the input section of the Decoder.
- In the right sidebar:
  - Select the type of data: Text or Hex.
  - Click on Encode as .. and a dropdown menu will open; now select the encoding action.
- The output section will show the encoded data.
To decode data, follow these steps:
- Enter or paste the data that you want to decode into the input section of the Decoder.
- In the right sidebar:
  - Select the type of data: Text or Hex.
  - Click on Encode as .. and a dropdown menu will open; now select the decoding action.
  - Or, you can use the Smart decode option to leave choosing the decoding actions to Burp Suite.
- The output section will show the decoded data.
It is possible to perform encoding/decoding actions recursively, which makes the tool even more convenient.
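The recursive decoding described above can be reproduced outside Burp when you need to script the triage of layered values. The following is an added example, not part of the original article and not Burp's Smart decode algorithm; the function names (`peel`, `build_sample`) and the detection heuristics are assumptions, and the sample value is constructed.

```python
import base64, binascii, html, re
from urllib.parse import quote, unquote

def _text(raw):
    # Accept a decoded layer only if it is printable UTF-8 (limits false positives).
    try:
        s = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return s if s.isprintable() else None

def _url(s):
    return unquote(s) if re.search(r"%[0-9A-Fa-f]{2}", s) else None

def _html(s):
    return html.unescape(s) if re.search(r"&(#\d+|#x[0-9A-Fa-f]+|\w+);", s) else None

def _hex(s):
    if len(s) >= 4 and len(s) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", s):
        return _text(bytes.fromhex(s))
    return None

def _b64(s):
    if len(s) >= 8 and len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        try:
            return _text(base64.b64decode(s, validate=True))
        except binascii.Error:
            return None
    return None

# Hex is tried before Base64 because every hex string also fits the Base64 alphabet.
DECODERS = [("url", _url), ("html", _html), ("hex", _hex), ("base64", _b64)]

def peel(data, max_depth=10):
    """Strip encoding layers until none applies; return (plaintext, layers)."""
    layers = []
    for _ in range(max_depth):
        for name, fn in DECODERS:
            out = fn(data)
            if out is not None and out != data:
                data, layers = out, layers + [name]
                break
        else:
            break  # no decoder matched: nothing left to peel
    return data, layers

def build_sample(plain="session=admin;role=user"):
    # Constructed sample: text -> hex -> Base64 -> URL-encoding.
    return quote(base64.b64encode(plain.encode().hex().encode()).decode(), safe="")

if __name__ == "__main__":
    print(peel(build_sample()))
```

The printable-UTF-8 check is what keeps ordinary words that happen to fit the Base64 or hex alphabet from being "decoded" into garbage.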
Here are some of the most useful shortcuts related to Burp Suite Decoder.
Calculate Hash Values of Data
Hashing is a method of transforming any data into a fixed-length string of characters, called a hash.
Burp Suite Decoder can be used to calculate hash values of data using various algorithms, such as MD5, SHA-1, SHA-256 and SHA-512.
To calculate hash values of data, follow these steps:
- Enter or paste the data that you want to hash into the input section of the Decoder.
- In the right sidebar, click on the Hash .. dropdown. Pick an algorithm. For example, Hash > MD5.
- The output section will show the hash value of the data.
Summary
Burp Suite Decoder is a handy tool that can help you manipulate and analyze the data that you encounter during your web application security testing. By using this tool, you can easily convert data between different formats, such as URL, Base64, Hex, HTML, Octal and GZIP. You can also use various options to customize your decoding and encoding operations, such as input type, Smart Decode and Select Hashing algorithm.