TL;DR
You’ve found a password encoded in base64 within Burp Suite. Base64 is a reversible encoding, not encryption, so the original value can be recovered directly. This guide shows you how to quickly decode it back into plain text using Burp Repeater and the built-in decoder.
Steps
- Identify the Base64 Encoded String: Locate the password string in your Burp Suite response. It will typically contain a mix of uppercase letters, lowercase letters, numbers, plus signs (+), forward slashes (/), and equal signs (=).
- Send to Repeater: Right-click on the request containing the encoded password and select “Send to Repeater”. This allows you to modify and resend the request.
- Highlight the Encoded String in Repeater: In the Repeater tab, highlight the base64 encoded string within the response body.
- Decode with Burp’s Decoder: Right-click on the highlighted string and select “Convert selection”. A menu will appear; choose “Base64 decode”.
- View Decoded Password: The decoded password is displayed in place within the Repeater response. If it’s still encoded (e.g., URL-encoded), repeat step 4 with the appropriate decoding method.
Example
Let’s say you find this string in your Burp Suite response:
SGVsbG8gd29ybGQh
Follow these steps:
- Send the request to Repeater.
- Highlight SGVsbG8gd29ybGQh in the response body.
- Right-click and select “Convert selection” -> “Base64 decode”.
Burp Suite will decode it to:
Hello world!
Troubleshooting
- Multiple Encodings: Sometimes, passwords are encoded multiple times. If the initial decoding doesn’t result in a readable password, try decoding again with different methods (e.g., URL decode after Base64 decode).
- Incorrect String: Ensure you’re highlighting only the base64 encoded string and not surrounding text.
- Character Set Issues: If the decoded output contains strange characters, the decoded bytes may not be text in the character set Burp is displaying (or the value may not be base64 at all). Try a different character encoding in Burp Suite’s decoder options; this is less common than the two issues above.
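As an added example (not part of the original guide or of Burp Suite itself), the following Python script reproduces what “Convert selection” does for the Example above and extends it to the Multiple Encodings case from Troubleshooting: it peels URL and base64 layers in turn, tolerates stripped padding, and stops at the first layer that isn’t printable text. The sample strings are constructed, and the function names `peel_encodings` and `plaintext` are chosen here.

```python
import base64
import binascii
import re
import string
from urllib.parse import unquote

# Standard base64 alphabet with optional '=' padding (RFC 4648 section 4).
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
PRINTABLE = set(string.printable)


def looks_base64(s):
    """Alphabet check only; a length of 4n+1 can never be valid base64."""
    return bool(B64_RE.match(s)) and len(s) % 4 != 1


def b64_decode_text(s):
    """Return decoded text, or None if s is not base64 that yields text."""
    padded = s + "=" * (-len(s) % 4)  # restore padding stripped in transit
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None  # bytes are not UTF-8 text: a charset issue or not base64
    # Plain words like "password" match the alphabet but decode to noise;
    # requiring printable output filters most of those false positives.
    return text if all(c in PRINTABLE for c in text) else None


def peel_encodings(value, max_layers=5):
    """Strip nested URL/base64 layers; return [(method, text), ...] in order."""
    layers = []
    current = value.strip()
    for _ in range(max_layers):
        if "%" in current and unquote(current) != current:
            current = unquote(current)  # e.g. '%3D' padding, '%40' in a password
            layers.append(("url", current))
            continue
        decoded = b64_decode_text(current) if looks_base64(current) else None
        if decoded is None or decoded == current:
            break
        current = decoded
        layers.append(("base64", current))
    return layers


def plaintext(value):
    """Innermost decoded text, or the input unchanged if nothing decoded."""
    layers = peel_encodings(value)
    return layers[-1][1] if layers else value
```

`peel_encodings("cCU0MHNzJTIwd29yZA==")` (constructed: a URL-encoded password that was then base64-encoded) returns the base64 layer first and the URL layer second, which is the “URL decode after Base64 decode” order the Troubleshooting section describes.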