Base64 Encoding

Encoding is not really cryptography, but it is used a lot in all kinds of standards around cryptographic functions. Especially Base64 encoding.

Encoding is is the process of converting data from one form to another. This process is typically used to ensure data is in a suitable format for transmission, storage, or processing. Decoding is the reverse process of encoding. It converts encoded data back into its original form.

Base64 encoding is a technique used to transform all kinds of bytes to a specific range of bytes. This specific range is the ASCII readable bytes. This way you can transfer binary data such as secret or private keys more easily. You could even print these out or write them down. Encoding is also reversible. So if you have the encoded version, you can create the original version.

On wikipedia you can find more details. Basically it goes through all the bytes and transforms each set of 6 bits into a readable byte (8 bits). The result is that the size of the encoded bytes is increased with about 33%.

Hello ==> SGVsbG8=
0x4d 0x61 ==> TWE=

Basic Authentication

Basic authentication is sometimes used by web applications. This uses base64 encoding. Therefore, it is important to at least use Transport Layer Security (TLS or more commonly known as https) to protect others from reading the username password that is sent to the server.

$echo -n "myuser:mypassword" | base64
bXl1c2VyOm15cGFzc3dvcmQ=

The HTTP header will look like:

Authorization: Basic bXl1c2VyOm15cGFzc3dvcmQ=

Solution

• Go to https://www.base64decode.org/ and decode the authorization header "d2ViZ29hdHRlc3Q3OnNlY3JldA==".

• It will decode you username and password.

• Type those results in WebGoat.