Decoding URL-encoded GET parameters

Question

While intercepting traffic of an app I got this GET APIs, but I don't know how to decode them so that they look like what they actually are.

/api/v1/referral/createuser?phoneNumber=7018805137&deviceImeiId=lQAHMiAwBx%2B%2FchlgHKjWfA%3D%3D%0A&hardwareSerialNumber=bcZ%2Bb5VrI84UN%2FWXJj8hyQ%3D%3D%0A&macAddress=pDQheRx1nNFqOz%2Fw9Y9bI3I96uVKXjhkDXNhNgV%2FyGw%3D%0A&androidID=PQ9kdlHyznGdGKcl0QYh3hp4XeRUz0bBVMnABcxRsZ8%3D%0A&referralCode=7JMYUZ&lastEnabledTime=1481449847956&updateTime=1481449669855&installationTime=1481449669855

the variables LastEnabledTime, updateTime, installationTime are timestamps. phoneNumber looks like it's plaintext. What is the purpose of this, what are you trying? — , Dec 11 '16 at 11:07

Someone Special · Answer 1 · 2016-12-11T11:36:04.763

You can read the variables if this was sent to your server as a Get request like...

$_Get['phoneNumber'], $_GET['hardwareSerialNumber'] and so forth

If you are just asking for help to decode the string...

$urlstring = 'phoneNumber=7018805137&deviceImeiId=lQAHMiAwBx%2B%2FchlgHKjWfA%3D%3D%0A&hardwareSerialNumber=bcZ%2Bb5VrI84UN%2FWXJj8hyQ%3D%3D%0A&macAddress=pDQheRx1nNFqOz%2Fw9Y9bI3I96uVKXjhkDXNhNgV%2FyGw%3D%0A&androidID=PQ9kdlHyznGdGKcl0QYh3hp4XeRUz0bBVMnABcxRsZ8%3D%0A&referralCode=7JMYUZ&lastEnabledTime=1481449847956&updateTime=1481449669855&installationTime=1481449669855';

foreach (explode('&', $urlstring) as $chunk) {
    $param = explode("=", $chunk);

    if ($param) {
        printf("Value for parameter \"%s\" is \"%s\"<br/>\n", urldecode($param[0]), urldecode($param[1]));
    }
}

It will print the following

Value for parameter "phoneNumber" is "7018805137"

Value for parameter "deviceImeiId" is "lQAHMiAwBx+/chlgHKjWfA== "

Value for parameter "hardwareSerialNumber" is "bcZ+b5VrI84UN/WXJj8hyQ== "

Value for parameter "macAddress" is "pDQheRx1nNFqOz/w9Y9bI3I96uVKXjhkDXNhNgV/yGw= "

Value for parameter "androidID" is "PQ9kdlHyznGdGKcl0QYh3hp4XeRUz0bBVMnABcxRsZ8= "

Value for parameter "referralCode" is "7JMYUZ"

Value for parameter "lastEnabledTime" is "1481449847956"

Value for parameter "updateTime" is "1481449669855"

Value for parameter "installationTime" is "1481449669855"

@BobbyPal I think you need to be more precise with your questions or provide more information. Do you have a code which you have in hand that you can share so we can help you with it? — Someone Special, Dec 11 '16 at 11:22
I just want to random androidid in above code can you explain how i can ? — Bobby Pal, Dec 11 '16 at 11:26
if u just want help to get the values i have already updated the answer to parse the string. — Someone Special, Dec 11 '16 at 11:37

Decoding URL-encoded GET parameters

1 Answers1