Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Strange characters in request/response

Tobias Dec 17, 2019 06:49AM UTC

Hi all,

I am trying to intercept communication from Silverlight WCF service.

When looking into the request and response I see several strange characters (like rectangle, trademarks and arrows) which I guess are not intended here. Looks somehow like an encoding issue.

Someone else can see everything in a clear way?

What could be the reason? I have already tried out different version of Burp Community Edition (like 2.1.04, 1.7.36, 1.7.35, 1.7.05).

I am using WCF Deserializer, but caused by weird characters the request cannot be deserialized and result is unreadable.

This is how the request looks like (trimmed at the end):
POST /[...]/Service.svc/normal HTTP/1.1
Accept: */*
Accept-Language: en-DE
Referer: [...]
Content-Length: 1959
Accept-Encoding: gzip, deflate
Content-Type: application/soap+msbin1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
Host: [...]
Pragma: no-cache
Connection: close

V s aVD

Does anyone has an idea?

Thank you and best regards.

Michelle Gillian Dec 17, 2019 02:22PM UTC Support Center agent

When you say someone else can see everything, is that for the same communications or for a different target?

Tobias Dec 19, 2019 05:33PM UTC
Hi Michelle,

yes, same target.
We both listen to same application and he sees everything well decoded and me not.

I even tried now pro trial version to check, if it was related to Burp version, but still the same.

Best regards,

Tobias Dec 20, 2019 09:00AM UTC
BTW, if I copy raw request to notepad++ I can see characters that were previously shown as square to be the following shortcuts:

Hannah Law Dec 20, 2019 09:44AM UTC Support Center agent

Hi Tobias

Do you and your friend use the same extensions and versions?

Have you tried changing your character set or system font (User options > Display)?

Tobias Dec 20, 2019 01:04PM UTC
Hi Hannah,

thanks for your answer.

Yes, version is same (both 1.7.37 pro). And only extension we are using is WCF Deserializer installed from BApp Store.

While he is able to see proper deserialized request in WCF Deserializer tab, I do see only hieroglyphics.

Font I have not changed yet (only character sets). I am using default Courier New 13pt. Any suggestion which font to use instead?

Best regards

Hannah Law Dec 20, 2019 02:05PM UTC Support Center agent

Hi Tobias

Is the raw request that the two of you are receiving identical, or does it differ?

With regards to fonts, I would recommend setting it to the same as your friends, or if they are already the same, try Dialog or just plain Courier. You could also try some trial and error to see what font works best.

Post Your public answer

Your name
Your email address