Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Incomplete ssl decoding

DrConfiger | Last updated: Nov 04, 2020 10:22AM UTC

Hello dear ones I have a problem and thank you very much for guiding me. When I want to sniff the Spotify site with Burp Suite In the data sent by Rikpcha to Google, I can not receive all the decoded data and it shows me this. "4lbq4vBYAu25DMtzZ7GGbfAFù 03" You can see that it has symbols that are not decoded. Summary I want to know what I can do to sniff out all the ssl data

Uthman, PortSwigger Agent | Last updated: Nov 04, 2020 10:45AM UTC

Are you trying to decrypt SSL traffic? Can you provide the exact steps to replicate this, please?

DrConfiger | Last updated: Nov 04, 2020 12:02PM UTC

Yes, I want to decode ssl traffic completely. I actually wanted to do this: 1. First, I raised the login page of the Spotify site 2. Then I entered a wrong password and clicked on login. 3. It was sent and told me that the username and password are wrong Now when I look at Burp The Google's replica that has been posted is not fully decoded in the burp and it looks like this ... ========================================= POST /recaptcha/api2/reload?k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39 HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-protobuffer Content-Length: 5225 Origin: https://www.google.com Connection: close Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfCVLAUAAAAALFwwRnnCJ12DalriUGbj8FW_J39&co=aHR0cHM6Ly9hY2NvdW50cy5zcG90aWZ5LmNvbTo0NDM.&hl=en&v=4lbq4vBYAu25DMtzZ7GGbfAF&size=invisible&cb=vyutyqbhnwd2 Cookie: 1P_JAR=2020-11-03-21; NID=204=PQZE_TOIDckYOwRmMZveuju8aUj_SIumQ9VnSwuyPF57NMtuqiIqe-z6FE2Mkh46Z_2WkUZyfVJ8DWDcDqGJJknacTe6bqu1dznw2U38cnNiGEOVx3_EcICF53x6K71NjIERdJ5HUYri_E3p0DD6wpeatnpGY3tDe6sYA-pdQdM; ANID=AHWqTUm3p1Ot9MFCnxFusAdodXb7VeFXoKyUaM3I_HW0lqyvP1Ph_RDGVKC5rrZL; OTZ=5701464_42_42_114990_38_379890 4lbq4vBYAu25DMtzZ7GGbfAFŽ03AGdBq27AyJg ================= Look at the latter It is not fully decoded and the names of the variables are completely unknown

Uthman, PortSwigger Agent | Last updated: Nov 04, 2020 12:12PM UTC

Are you sure that the server is not performing some processing to encode the data used to complete the ReCAPTCHA?

DrConfiger | Last updated: Nov 04, 2020 12:24PM UTC

Can you help me in this case I am in great need and I will do everything I can to compensate

Uthman, PortSwigger Agent | Last updated: Nov 04, 2020 12:47PM UTC

Sorry, I cannot help you any further with this. It does not appear to be an issue with Burp. If you have permission to do so, you will need to reverse engineer the reCAPTCHA to understand how it works and what encoding/decoding functions are being performed.

DrConfiger | Last updated: Nov 04, 2020 01:04PM UTC

Thank you, but can you tell me how to decrypt Rikpcha?

Uthman, PortSwigger Agent | Last updated: Nov 04, 2020 01:18PM UTC