Burp community forum

how do i convert multipart gzip to original file

rafael | Last updated: Aug 18, 2019 02:53AM UTC

during my research i'm intercepting some packages like this: Content-Type: multipart/form-data; boundary=cLXA2xHy63hD9QS92t_yJwlwnL8vVb Accept-Encoding: gzip, deflate X-FB-HTTP-Engine: Liger Connection: keep-alive Content-Length: 1922 --cLXA2xHy63hD9QS92t_yJwlwnL8vVb Content-Disposition: form-data; name="access_token" 567067343352427|f249176f09e26ce54212b472dbab8fa8 --cLXA2xHy63hD9QS92t_yJwlwnL8vVb Content-Disposition: form-data; name="format" json --cLXA2xHy63hD9QS92t_yJwlwnL8vVb Content-Disposition: form-data; name="cmsg"; filename="47b1a5f7-cd4c-4862-82e0-2eb9239479f3_2_zero.batch.gz" Content-Type: application/octet-stream Content-Transfer-Encoding: binary µU[o›Hþ/<ô)TÌ…‰iÓ¦qìÖ¤N³Z¡a˜q°p Ø1Ùü÷=àT½¤ÚK¤•_Æç~¾sÎÇ£U©{ëŸXb³‰³Ô:µ\æ9Ì#”SìYGÕNmA‡çm÷CÞ[„9¨’&3i\4y§dˆz>cä©ÚeR& A¥ÄVŒ›2Žm.|iKF™æ‰Â>Wà¢Ež™Cü½§«<ÎѶ&Ø·©ÖÂN¤æ6!8‘H`‘" ž•ªª¬,Ž>ÔKpµgË”J›ú Û>VŽUÂ1áÔ㚀OÓ;ð’w¢(”­Ú–±µ*äá¹í£bõâ”w½É²ÐÙ²C¤Ë êþ&•wJ®«ûêOyæ*,]Ê9ñ ¢)õ`.A®Ö\a'EôM]!—1‡2Æé›ûÝÙ½©Î¤L(3¦}‡©DA ®4"„PÏë;HE-¬Óß­Bä ÒeEU‹åVäq¡jµ,I“A‘]+uÖ›ô‰|×ñÜ·e ÏË´1F+•Æ•ÉŠn•È7ð\Æ[€Ã:E'–z¨·ïñG´Lµ§<˜‹c¢U0!ŠlÂ_k)4ÇÆÏ(2ÚW€}—wËó\篕M®» êr­:”Õa„Ò¹YWe6^æzš®+cÆí’ƒËՏòàbáÓm0¸¹ ‹v<½Í>½í¡©| ¾o˜G›$¿¬Bòîngë6Ñû!¡` Þa¼:oÁ¯‰Âa®yŸwÿiuþ 9ö×Óa vÄÊB2k£p¤Å|’]¯>ìÇ燠´ÁtBÆíعþ²Ï’|æ„xV$ˆ;*|g ÖâÉ€g‹ùƒ–ÞŠðf“` 1†w¶’¤åÕh³À· »mǺï{™Pªå|9Ý<9 Ù07EHbפˆ#‰gx—“Ê«‡C4Q”ÃlŸ¥a`¤áë?T ¨;,Òy—ã¼ ¦Pq;qÇ+‰¨[„†ÚIˆMÓÅLf—dC–^Pô¬ŠÑ.™ñ&šÏÖjvÌ 8çÐWÛÙ,ÂÙª÷3|/s³Šf|—†7«£‡V‡ÎY7ïæ[ĪY.UUÃ66(6ë¸UF‰JÅßNw³-ÓN!Ò¬ŒŸCí3ÙEÙï3Ø–MQ«m¿mÎ÷‚ª“Ø{Œ`Œù÷ª©Ázz:ùŵ‰ôŸ.Í{å¥åqß;†(>æpù®ã:ÈEȏ vßs<ævDu´ûA–ÇuÑ\ÈùÀÌ`•/ ŸJ‰ãÁ;žCÖýGàÅѝ;Ÿ|úP³Q}¡ÚÏ÷¤ŠV¹<š|7»û8ø/Ç’Ž6wWÎgä®°¶ÇYÞ¤ÎÇ/ïu(îÔ]Ý޳Ÿ e¼«¶CQÞêb¾a¿ë½l¶Àõ¥Ž…¬\ú3<º4¦ÜÇ vÝ@CVQÖñQevÌRìTQ—ÛC| &¹J3—[˜LÎ×È{•H“Éu×noaÄ¡l ïÇ'h¼ÜÄ&[w3ïf߯HVŪÔÖ©¦Rÿ˲{H8v}âý÷-üwœÿÚM|5çSRìr†g˜þÄù/”ËùÑtAƒù¤]L/ÍøBÉõ…É¢|Ü.V“}4˜åÑt¸æ/9ÿ'Ž}ÉTõŒÙÿC1èµóljeÊå×°±°Þ±ê–Üzú --cLXA2xHy63hD9QS92t_yJwlwnL8vVb Content-Disposition: form-data; name="sent_time" 1566085075.770 --cLXA2xHy63hD9QS92t_yJwlwnL8vVb Content-Disposition: form-data; name="cmethod" deflate --cLXA2xHy63hD9QS92t_yJwlwnL8vVb-- i would like to be to recreate the 47b1a5f7-cd4c-4862-82e0-2eb9239479f3_2_zero.batch.gz and decompress it. how can i do it with burp?

Mike, PortSwigger Agent | Last updated: Aug 19, 2019 11:20AM UTC

In Burp Suite Community & Pro, we have a Decoding utility that allows you to encode/decode data you receive from HTTP requests into different formats: https://portswigger.net/burp/documentation/desktop/tools/decoder Looking at your HTTP headers, I can't see a Content-Encoding header, so it might be that the contents of that request aren't GZIP encoded, this means it might not be possible to extract the information using Burp Decoder which would then require a more manual investigation depending upon the application you are intercepting requests from. There are also a couple of settings in Proxy > Options > Miscellaneous labelled *Unpack gzip / deflate in requests/responses* that if enabled would allow Burp to automatically unpack GZIP encoded data, so that might also solve your issue and be a better solution going forward.

Mike, PortSwigger Agent | Last updated: Aug 20, 2019 01:09PM UTC

Hi Luca, we communicated with this user through email to better understand their requirements. Unfortunately we determined that there isn't any functionality in Burp Suite to extract that information in the required format.

Burp User | Last updated: Nov 16, 2019 07:56PM UTC

Did you manage to solve your issue? Can you please share how did you do, I've got the same problem.

You need to Log in to post a reply. Or register here, for free.