Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab : Modifying serialized data types. Bug Decoder?

Alberto | Last updated: Mar 15, 2021 10:58AM UTC

Hello, I was doing these lab exercises and I noticed some weird Burp behaviors. I had the same problem with Lab : Modifying object attributes. In my specific case : Cookie: session= Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czoxMjoiYWNjZXNzX3Rva2VuIjtzOjMyOiJtMzZiM2YzNHBocmd2eDl0aDVvczhranEzanBudWQwcyI7fQ%253d%253d If I select this cookie, the inspector say : Decode from Url, Decode from Base64 and that is the result : O:4:"User":2:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:"m36b3f34phrgvx9th5os8kjq3jpnud0s";} If I select the cookie, right click and then "Send to decoder" the result should be the same but It's not. That's the result i get O:4:"User":2:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:"m36b3f34phrgvx9th5os8kjq3jpnud0s";fQ%3d%3d In this lab, after some try without any success I decided to watch the video solution : https://www.youtube.com/watch?v=l7KCL7vY98k Then I realized I was doing the right thing but getting a different result. Even if I repeat the exact same steps of the video I get this error : PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 I understand that probably I'm replacing the value of the "Cookie: session= value..." with the wrong one. PS : I even tried to encode directly the right value to solve this lab {s:8:"username";s:13:"administrator";s:12:"access_token";i:"0";} encoded base64 = e3M6ODoidXNlcm5hbWUiO3M6MTM6ImFkbWluaXN0cmF0b3IiO3M6MTI6ImFjY2Vzc190b2tlbiI7aToiMCI7fQ== encoded url = %65%33%4d%36%4f%44%6f%69%64%58%4e%6c%63%6d%35%68%62%57%55%69%4f%33%4d%36%4d%54%4d%36%49%6d%46%6b%62%57%6c%75%61%58%4e%30%63%6d%46%30%62%33%49%69%4f%33%4d%36%4d%54%49%36%49%6d%46%6a%59%32%56%7a%63%31%39%30%62%32%74%6c%62%69%49%37%61%54%6f%69%4d%43%49%37%66%51%3d%3d Am I getting the wrong translation from the Decoder/Encoder? TY, have a nice day

Uthman, PortSwigger Agent | Last updated: Mar 15, 2021 11:36AM UTC

Hi Alberto, Thanks for the feedback. The difference between the Inspector's result and the Decoder is that the Inspector detects that there is double-URL encoding present and so decodes it. In the video you have linked, it looks like we were only expecting single-URL decoding (i.e. just %3d%3d to be decoded). It looks like the video is quite old and the lab has since been changed (along with the introduction of the Inspector) and expects you to perform double-URL decoding. If you send the Cookie to the Decoder, select Decode as > URL, then select Decode as > URL again, you should see the same base64 result. You can then decode that to get the expected cookie. In your example, you are only encoding this: {s:8:"username";s:13:"administrator";s:12:"access_token";i:"0";} However, you need to encode (base64 followed by URL) this: O:4:"User":2:{s:8:"username";s:13:"administrator";s:12:"access_token";i:0;} The expected result should be: %54%7a%6f%30%4f%69%4a%56%63%32%56%79%49%6a%6f%79%4f%6e%74%7a%4f%6a%67%36%49%6e%56%7a%5a%58%4a%75%59%57%31%6c%49%6a%74%7a%4f%6a%45%7a%4f%69%4a%68%5a%47%31%70%62%6d%6c%7a%64%48%4a%68%64%47%39%79%49%6a%74%7a%4f%6a%45%79%4f%69%4a%68%59%32%4e%6c%63%33%4e%66%64%47%39%72%5a%57%34%69%4f%32%6b%36%4d%44%74%39%43%67%3d%3d Can you please give this a try?

Alberto | Last updated: Mar 15, 2021 01:16PM UTC

Ty, Now It's working and I understood my error. Have a nice day :)

Uthman, PortSwigger Agent | Last updated: Mar 15, 2021 01:46PM UTC