Decoder
Decoder tool in Burp Suite does the job of encoding and decoding data. Applications need to encode data while transmitting it or, in many cases, as a security measure. Encoding is not a security measure but a lot of developers mistake it to be.
Note
A simple rule of thumb is that if there is no key present, there is no confidentiality. Since we don't require a key to encode a piece of plain text, we don't require a key to decode.
A web application penetration tester needs to be able to understand the type of encoding that has been applied and then successfully decode the piece of data.
As with all the other tools, we saw that:
We can select a piece of text anywhere in Burp Suite and send it to Decoder. Have a look at the following screenshot:
We can also do manual transforms (encoding or decoding) using the context menu wherever we are currently working, as shown in the following screenshot:
We can do URL-decode and URL encode with different options using the context menu. Have a look at...