
I am analyzing the HTTPS traffic from a particular Android app using the Burp proxy. So every 5 minutes, the app hits an endpoint and sends an encrypted/encoded text in its HTTPS request. I tried decoding it using CyberChef Base-64 and replacing '-' with '+' and '_' with '/', but no luck. But every request's first 12 characters are the same. The accept-encoding in the request is gzip/deflate. For example,

1st request:

Is4HAAAAAAAAKXDAAqQQABBIMvb0xSquvSUmE3iEKTIJEtFKmdPeD7-0s-y-SifOB6n8Y91G9scpB3R hMrAZCRqqN5or1HXazKTFouGrtSFxfViBOi2gplAEgG13nwfDI86HhXDUtOqgt3P42gVAAAA=

2nd request:

Is4HAAAAAAAAKXDAAqQQABBIMvb0JTquvyUmE3iESLoIEtFSmdPdD7-0s9w-yifKBjpps9QDaWu0BnZ iMrAxEi2WRyQq2HXtRFjccTD3dZixPXnBGi-hplHvw307KE4sxhTXkacPuvYZVA7R-qsAAAuA

3rd request:

Is4HAAAAAAAANWFADrQXGABIzJ-7_EzKqQuxFTYJaUJilialuTeI9NQXysN6zx3slsOEdNOJjPOJbBI dBlvJtRF3Bt2UAw4x_Nnfi-yOUfuSlX7ENqDq6sk1AYY-GGoYmrHC1r1kHlAOZuDSZNRI0cLgw Ubmyw5-JdIIrUSg8Bq0D76eU9uot-ZzWCk4FunTkOJty1KfdCzlNobp3GfcEmjVKtfhj31hwvu Fnv6MnQ8u7AlbdAAA

and so on... This was the only pattern I was able to find. How can I know whether this is encoding or encryption in the first place? If this is encryption, how do I find the type of encryption? I am new to this, so I would appreciate any help. Thanks.

Supraja
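A triage sketch for the question above, as an added example that is not part of the original post: it Base64url-decodes a sample, tries the gzip and zlib containers, and reports byte entropy. All function names and the sample inputs are constructed for illustration; none of the app's traffic is used.

```python
import base64, gzip, hashlib, json, math, zlib
from collections import Counter
from os.path import commonprefix

def b64url_decode(text):
    """Decode URL-safe Base64; tolerate line-wrap whitespace and missing '='."""
    s = "".join(text.split()).rstrip("=")
    if len(s) % 4 == 1:
        raise ValueError("not a valid Base64 length")
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def entropy(data):
    """Shannon entropy in bits per byte; short inputs cap near log2(len)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def try_decompress(raw):
    """Return (container, plaintext) for gzip or zlib data, else None."""
    for name, fn in (("gzip", gzip.decompress), ("zlib", zlib.decompress)):
        try:
            return name, fn(raw)
        except (OSError, EOFError, zlib.error):
            continue
    return None

def triage(text):
    """Summarise one sample: size, leading bytes, entropy, container if any."""
    raw = b64url_decode(text)
    hit = try_decompress(raw)
    return {"length": len(raw), "head": raw[:4].hex(),
            "entropy": round(entropy(raw), 2),
            "container": hit[0] if hit else None,
            "plaintext": hit[1] if hit else None}

def wire(raw):
    """Constructed helper: Base64url, padding stripped, wrapped mid-string."""
    s = base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return s[:40] + " " + s[40:]

# Constructed inputs (not the app's traffic): two gzip'd JSON bodies and
# 96 pseudo-random bytes standing in for ciphertext.
ENCODED = [wire(gzip.compress(json.dumps({"event": "heartbeat", "seq": i}).encode(), mtime=0))
           for i in (1, 2)]
OPAQUE = wire(b"".join(hashlib.sha256(b"constructed-%d" % i).digest() for i in range(3)))

if __name__ == "__main__":
    for sample in ENCODED + [OPAQUE]:
        print(triage(sample))
    print("shared prefix:", len(commonprefix(ENCODED)), "chars")
```

A successful decompression is proof of encoding, whereas high entropy alone cannot separate compressed data from ciphertext. In the constructed gzip samples the shared prefix comes from the fixed 10-byte gzip header.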

0 Answers