Work with deobfuscated data in Burp while forwarding obfuscated data
I am trying to analyze HTTP traffic between an application and a server using Burp Suite. The traffic is routed through Burp, but the request and response bodies are obfuscated. Ideally I want to be able to inspect/modify the deobfuscated request/repsponse bodies in Burp's proxy history and Repeater.
For simplicity, assume the data in the bodies is base64 encoded for obfuscation and each obfuscated request/response has the string <!-- obfuscated in them.
What I have tried
I modified the HTTP Handler Example Extension such that responses are intercepted and deobfuscated:
@Override
public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived responseReceived) {
if (!responseReceived.bodyToString().contains("<!-- obfuscated")) {
return continueWith(responseReceived);
}
String body = deobfuscate(responseReceived.bodyToString());
return continueWith(responseReceived.withBody(body), annotations);
}
public static String deobfuscate(String encodedString) {
byte[] decodedBytes = Base64.getDecoder().decode(encodedString);
return new String(decodedBytes);
}
The problem is that the application can't handle the deobfuscated response, which means I need to forward the obfuscated response to the application.
The same goes for requests to the server. The application obfuscates the data, I want Burp to deobfuscate it, be able to modify it and then Burp should obfuscate the data again and send it to the server.
Is there a practical way to work with the deobfuscated data in Burp while forwarding the obfuscated data?
Actually, Burp's Montoya API provides everything needed. One just has to implement the following methods of the 3 interfaces HttpHandler, ProxyRequestHandler, and ProxyResponseHandler:
- openLDAP Proxy fails with ldaps
- Proxy is not working in Vite js project and request is not getting redirected to the proper api
- URLSession works for request but not NWConnection
- Java program to get a file on SFTP server using public key authentication and proxy server
- Angular 19 proxy not affecting URLs on HTTP client calls
- Selenium Proxy with Bright Data chrome driver
- How to make docker container connect everything through proxy
- How to use oxylabs proxy in seleniumbase?
- Selenium + 2Captcha Proxy Not Working for Website
- How to configure a HTTP proxy for svn
- Programmatically configure proxy settings in iOS with the Network library
- Dynamic update of variable without redrawing the entire graph (proxy)
- Does an HTTP proxy need to use the headers?
- Work with deobfuscated data in Burp while forwarding obfuscated data
- ERR_CONTENT_LENGTH_MISMATCH on nginx and proxy on Chrome when loading large files
- Socks proxy failure with camel-box component
- Nginx proxy all subdomains
- NginX redirect to variable value with out by passing proxy authentication
- How to use fsockopen (or compatible) with SOCKS proxies in PHP?
- How to redirect from domain to another domain in Next.js v13 app on server side behind proxy
- Cannot download Docker images behind a proxy
- Is there a mechanism to delay traffic in ProxyMan?
- There are any open-soure PHP Web Proxy ready to use?
- Apache2 Reverse Proxy with PHP Login Page (Check for session var before forwarding to server)
- Charles Proxy - Map remote to localhost from https to http
- TypeError: __init__() got an unexpected keyword argument 'proxies' bs4 scraping
- How to configure proxy in Jenkins to access Git Repository?
- Docker container, how to use host proxy
- Configuring LDAP Proxy Server with multiple AD/LDAP Servers
- How do I implement a lazy-loading Proxy for a Label interface with a const getText() method?