Now, one of the things you’ll notice is sometimes with Base64 or a lot of the times it will end with “equals equals” and that has to do with padding. It allows it to encode it in a way that it’s easily transferred over clear text or plain text protocols.
As you can see, we have the, I am sure and the space and all that has been replaced with what looks like gibberish, but it’s pretty much not malicious gibberish or mostly not malicious gibberish I suppose. And we’re going to pipe it through Base64. Now, in my example that I have up on my screen, we’re going to be playing around with, “I am sure there’s a better way to do this434343!!!!!!” or capital C, capital C, capital C in hex but we’re not at that video yet. Let’s play around a little bit with encoding and decoding Base64 and then some of the little challenges that you’re going to run into. You’ll see it all the time whenever you’re doing web application, security assessments, looking at security parameters and tokens, and things of that nature. It allows you to convert things like binary and special character data into something that’s far less benign like upper lower case and numbers and that’s what we actually get whenever we’re utilizing Base64 as an encoding mechanism. This is why protocols like this exist or different encoding formats like this exist. In fact, we see this all the time, especially with attacks like SQL where semi-colons get interpreted and get executed. For example, if you’re looking at something like HTTP, transports a lot of text and if we start sending binary, we might get into trouble. Whenever you are transferring binary data or you’re transferring data with special characters, it can be encoded and it can be garbled, especially whenever you’re dealing with protocols that are designed predominantly for sending text. Now the reason why Base64 actually exists is kind of interesting.
Now the reason why we’re talking about it is once again we have the BHIS Cyber Range for our customers and friends and this is just basically a video to walk people through some of the challenges that utilize Base64. My name is John Strand and in this video, we’re going to be talking about Base64 encoding and decoding.
0 kommentar(er)
