I have been maintaining the BurpSuite extension Decoder-improved for a while and want to make a quick introduction here. Please note that Justin Moore is the original creator of this extension, and now I've been working on adding more features and fixing bugs.
For source code and additional details of the Decoder-improved, please visit the Github repo.
Decoder-improved is an open source data transformation extension for BurpSuite that better serves the varying and expanding needs of information security professionals. It includes all of BurpSuite built-in decoder's functionalities while adding more useful features. Additionally, the plugin's functionality is straightforward to extend to accommodate any custom data encoding and decoding needs.
Decoder-improved supports multiple tabs which preserve their own flows of data transformation actions. Data can be copied into a tab manually, or through the "Send to Decoder Improved" menu in other BurpSuite extensions (most built-in extensions support it).
Users can either edit the UTF-8 text, or manipulate the hex (or bin/oct/dec) data directly, which represents the actual raw bytes of the data.
There are a number of modes supported by Decoder-improved to transform the data. Currently available modes:
- URL special characters
- HTML special characters
- Base64 URL safe
- ASCII hex
- Fussy base64
- ASCII hex
- All hashing algorithms in BouncyCastle, a Java and C# crpyto library
- Numeric base
- From base 2-32 to base 2-32
- Find and replace
- Replace first/all match(es) of a regex
- Pretty print
Data in every segment (in every tab) can be exported as UTF-8 text, hex string and raw binary data to a local file. Please note that the raw binary data preserves every single byte of the original data, while the UTF-8 text may lose some unprintable characters comparing to the original data.
Work state in Decoder-improved is automatically saved when the extension is unloaded (for example, BurpSuite is closed or the user unloads Decoder-improved manually). The work state can be exported to a local file in JSON format, which can be loaded later to restore the work state. The exported JSON file contains the following information:
- Data in the first segment in each tab
- Name of each tab and the flow of modes/actions selected
- Text/hex editor selected for each segment
Basically everything will remain the same after the extension is reloaded. The user is also provided with an option to clear all tabs and their data on unloading Decoder-improved, so the extension will work in a brand new state next time it gets loaded.
Decoder-improved is open source and designed to be extendable. A new mode can be created by extending the class
trust.nccgroup.decoderimproved.modes.AbstractModificationMode and implementing the function
modifyBytes in the interface
Due to the limitation of BurpSuite extensions and difference of use cases, it's hard to make the decoder-improved as flexible and powerful as CyberChef (which is a really great tool that I highly recommend). However, there are a number of useful operations in CyberChef that decoder-improve can implement in the future.
Another feature that I would like to add to the decoder-improved is the "smart decode" function, which basically "guesses" how a piece of data is encoded and try to decode in the right way. It is already in BurpSuite built-in decoder, kind of useful but not that "smart" as of now. I really look forward to a "smart" "smart decode" being introduced to decoder-improved.