Using Web Proxies - Encoding/Decoding

I am using burp suit to decode a string for the answer for the question. The hint they provided me was use base 64 and URL-encoding. I have opened up burp suit and selected the decoder section however when I ended up decoding it I am suppose to get the flag and I don’t.

My question is, Is the URL-encoding the same as the decoding it? Does the hint imply that I must decode in base 64 then encode it in URL-encoding to get the flag? I have tried doing it both ways where I do decode in URL and encode in URL and still don’t receive the flag. Or must I go back and forth long enough between decoding and encoding from base64 > URL-encoding to receive the flag?

Can anybody here give me a hint please?

Thank you.


Looks like you have a slew of questions here. Encoding and Decoding are opposites. Here’s a simple base64 example(You can usually tell base64 encoding by an = or == at the end of it.):

Hello base64 encoded is: SGVsbG8=
SGVsbG8= base64 decoded is: Hello

Read the question again carefully it says that it has been encoded several times. Encoding can be applied as many times as needed, so take the example above:

Hello base64 encoded is: SGVsbG8=
SGVsbG8= encoded a second time is: U0dWc2JHOD0=
Now to decode it we would need to base64 decode it twice to get Hello

I think the most important part of decoding is recognizing when a string is encoded and what it has been encoded with. I believe that this topic will be further mentioned later in the CBBH path. Also a very handy web tool that will help you in the future: CyberChef

As always feel free to DM me if you need further help.


Thank you for the explanation here. I am going to definitely try again.