Using Web Proxies - Encoding/Decoding

I am using burp suit to decode a string for the answer for the question. The hint they provided me was use base 64 and URL-encoding. I have opened up burp suit and selected the decoder section however when I ended up decoding it I am suppose to get the flag and I don’t.

My question is, Is the URL-encoding the same as the decoding it? Does the hint imply that I must decode in base 64 then encode it in URL-encoding to get the flag? I have tried doing it both ways where I do decode in URL and encode in URL and still don’t receive the flag. Or must I go back and forth long enough between decoding and encoding from base64 > URL-encoding to receive the flag?

Can anybody here give me a hint please?

Thank you.


Looks like you have a slew of questions here. Encoding and Decoding are opposites. Here’s a simple base64 example(You can usually tell base64 encoding by an = or == at the end of it.):

Hello base64 encoded is: SGVsbG8=
SGVsbG8= base64 decoded is: Hello

Read the question again carefully it says that it has been encoded several times. Encoding can be applied as many times as needed, so take the example above:

Hello base64 encoded is: SGVsbG8=
SGVsbG8= encoded a second time is: U0dWc2JHOD0=
Now to decode it we would need to base64 decode it twice to get Hello

I think the most important part of decoding is recognizing when a string is encoded and what it has been encoded with. I believe that this topic will be further mentioned later in the CBBH path. Also a very handy web tool that will help you in the future: CyberChef

As always feel free to DM me if you need further help.


Thank you for the explanation here. I am going to definitely try again.

Hi, thank you for your explanation I believe this is the lesson of that module to dig more about the encoding and it’s formats as it wasn’t mention in the section so far.
If you have nice source where I can get more familiar, I will be happy for this. Thanks