Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Decoder - URL and HTML encode special characters only

Robert | Last updated: Sep 30, 2020 03:08PM UTC

Can you please add the ability to Decoder to encode the special URL and HTML characters only? The need to do this comes up quite often during application testing. For example, when looking at the first lab of the burp academy ssrf guide https://portswigger.net/web-security/ssrf where the payload is "stockApi=http://stock.weliketoshop.net:8080/product/stock/check%3FproductId%3D6%26storeId%3D1". When attempting to introduce own payload and attempt to URL encode "http://localhost/admin/delete?username=carlos" in Decoder the result would be "%68%74%74%70%3A%2F%2F%6C%6F%63%61%6C%68%6F%73%74%2F%61%64%6D%69%6E%2F%64%65%6C%65%74%65%3F%75%73%65%72%6E%61%6D%65%3D%63%61%72%6C%6F%73" instead of desired "http%3A%2F%2Flocalhost%2Fadmin%2Fdelete%3Fusername%3Dcarlos" The same applies to HTML encoding.

Uthman, PortSwigger Agent | Last updated: Oct 01, 2020 11:06AM UTC

Hi Robert, Thanks a lot for your request. At the moment, the decoder will encode/decode in entirety (i.e. all characters) without the ability to understand that only key characters should be encoded/decoded in a URL. We are working on a new feature that may deprecate this. In the meantime, I would suggest pasting this into a new Repeater tab > right-click > Convert selection > URL-encode key characters. Alternatively, you can right-click > URL-encode as you type > manually type in the URL in a Repeater tab.

Otojon | Last updated: Oct 09, 2022 05:07PM UTC

you can use Decoder =>Decode as => URL

Jack | Last updated: Jul 20, 2024 08:03AM UTC

hi whats up with this feature? seems like an easy thing to add and 4 years passed

Hannah, PortSwigger Agent | Last updated: Jul 22, 2024 03:48PM UTC