This is a protobuf-decoder which can decode protobuf binary file without .proto files. It supports editing to the decoded file and re-encoding to a bianry file. It can also work as a brup plugin.
-
protoc -I=. --python_out=. addressbook.proto -
python write_msg.py ADDRESS_BOOK_FILEEnter a telephone number and press twice. Now you have a protobuf binary file called ADDRESS_BOOK_FILE.
-
python parse.py ADDRESS_BOOK_FILENow you can see the decoded field looks like:
{ "01:00:embedded message": { "01:00:string": "わたし", "02:01:Varint": 1234, "04:02:bytes": "0x5a:0x64:0x3b:0xdf:0x4f:0x8d:0xf3:0x3f:0x2d:0xb2:0x9d:0xef:0xa7:0xc6:0x9:0x40", "05:03:embedded message": { "01:00:Varint": 1, "02:01:string": "0800000", "03:02:embedded message": { "01:00:32-bit": 666.7769775390625 } }, "05:04:embedded message": { "01:00:Varint": 1, "02:01:string": "0800000" } }, "02:01:32-bit": 3.140000104904175 }You can compare this result with the google's official
decode_rawresult usingcat ADDRESS_BOOK_FILE | protoc --decode_raw
You can also use this script as a burp plugin:
- Copy
parse.pyto your burpsuite's jar directory. - Open burp, load
protobuf_decoder.pyas a burp extension. - All is done! You are now able to view protobuf binary in json format. You can also modify the value to what you want! But donnot modify the keys unless you know what you are doing.
Note the keys of this json file is in the format of field_number:id:type. field_number is exactly the field_number in .proto file while id has no meaning. It's just a field that helps to de-duplicate the keys in json.
- Deal with minus number.
Thanks Mori for fixing bugs and improve this tool!