This is a protobuf-decoder which can decode protobuf binary file without .proto files. It supports editing to the decoded file and re-encoding to a bianry file. It can also work as a brup plugin.
-
protoc -I=. --python_out=. addressbook.proto
-
python write_msg.py ADDRESS_BOOK_FILE
Enter a telephone number and press twice. Now you have a protobuf binary file called ADDRESS_BOOK_FILE.
-
python parse.py ADDRESS_BOOK_FILE
Now you can see the decoded field looks like:
{ "01:00:embedded message": { "01:00:string": "わたし", "02:01:Varint": 1234, "04:02:bytes": "0x5a:0x64:0x3b:0xdf:0x4f:0x8d:0xf3:0x3f:0x2d:0xb2:0x9d:0xef:0xa7:0xc6:0x9:0x40", "05:03:embedded message": { "01:00:Varint": 1, "02:01:string": "0800000", "03:02:embedded message": { "01:00:32-bit": 666.7769775390625 } }, "05:04:embedded message": { "01:00:Varint": 1, "02:01:string": "0800000" } }, "02:01:32-bit": 3.140000104904175 }
You can compare this result with the google's official
decode_raw
result usingcat ADDRESS_BOOK_FILE | protoc --decode_raw
You can also use this script as a burp plugin:
- Copy
parse.py
to your burpsuite's jar directory. - Open burp, load
protobuf_decoder.py
as a burp extension. - All is done! You are now able to view protobuf binary in json format. You can also modify the value to what you want! But donnot modify the keys unless you know what you are doing.
Note the keys of this json file is in the format of field_number:id:type
. field_number
is exactly the field_number
in .proto file while id
has no meaning. It's just a field that helps to de-duplicate the keys in json.
- Deal with minus number.
Thanks Mori for fixing bugs and improve this tool!