As I was testing the security of my own network, I visited the login page of my router. I wanted to see how it managed the credentials. This was when I noticed it transformed the entered password to a ciphered text, with some obvious visible patterns. This was found via Burp Suite, and was decoded with base64. However, the decoded text ONLY provided the password in clear text, except the last two characters.
    Transformed             || Clear text PW   || Decoded from base64
    ================================================================================
    YWRtaW4%3D              || admin           || admaW4%3D
    cGFzc3dvcmQ%3D          || password        || passwocmQ%3D
    MTIzNGY%3D              || 1234f           || 123NGY%3D
    YWRtaW5hZG1pbjIyMjI%3D  || adminadmin2222  || adminadmin22MjI%3D
    YWRtaW5hZG1pbjIyMTE%3D  || adminadmin2211  || adminadmin22MTE%3D
All obfuscated text ends with %3D, which is something I wanted to comment on, but I just found out from this link that it’s due to URL encoding of the ‘=’ sign.
And I just figured out the answer to this question whilst creating it..
The process is:
clear text password => Base64 encoding => URL encoding of last 2 characters and '=' character => Base64 encoding of the URL encoded characters
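
The table's columns can be reproduced with a short script (an added example, not part of the original post; the function names are made up here). It URL-decodes `%3D` to `=` before base64-decoding, which returns each full password, and it shows that decoding only the leading complete 4-character base64 groups yields the partial text in the third column.

```python
import base64
import re
from urllib.parse import quote, unquote

# Rows copied from the table in the post:
# (value sent by the login page, password typed, text seen after base64-only decoding)
ROWS = [
    ("YWRtaW4%3D", "admin", "admaW4%3D"),
    ("cGFzc3dvcmQ%3D", "password", "passwocmQ%3D"),
    ("MTIzNGY%3D", "1234f", "123NGY%3D"),
    ("YWRtaW5hZG1pbjIyMjI%3D", "adminadmin2222", "adminadmin22MjI%3D"),
    ("YWRtaW5hZG1pbjIyMTE%3D", "adminadmin2211", "adminadmin22MTE%3D"),
]

# Longest prefix made of complete 4-character groups of base64 alphabet.
LEADING_GROUPS = re.compile(r"(?:[A-Za-z0-9+/]{4})*")


def transform(password: str) -> str:
    """Base64-encode the password, then URL-encode the result ('=' becomes %3D)."""
    b64 = base64.b64encode(password.encode("utf-8")).decode("ascii")
    return quote(b64, safe="")


def full_decode(wire_value: str) -> str:
    """Undo the URL encoding first, then base64-decode the whole value."""
    return base64.b64decode(unquote(wire_value), validate=True).decode("utf-8")


def base64_only_decode(wire_value: str) -> str:
    """Skip URL decoding: only the leading complete groups are valid base64,
    so the last group (cut short by '%3D') is left untouched."""
    head = LEADING_GROUPS.match(wire_value).group(0)
    return base64.b64decode(head).decode("utf-8") + wire_value[len(head):]


def check_rows():
    """Return one (transform_ok, full_ok, partial_ok) tuple per table row."""
    return [
        (transform(pw) == wire,
         full_decode(wire) == pw,
         base64_only_decode(wire) == seen)
        for wire, pw, seen in ROWS
    ]


if __name__ == "__main__":
    for (wire, pw, seen), ok in zip(ROWS, check_rows()):
        print(f"{wire:24} -> {full_decode(wire):16} {ok}")
```

Because the transformation is reversible without any key, the password is only protected in transit if the login page is served over TLS.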