httptoolkit / frida-interception-and-unpinning

Frida scripts to directly MitM all HTTPS traffic from a target mobile application
https://httptoolkit.com/android/
GNU Affero General Public License v3.0

Request body still encrypted #70

Open maddo7 opened 3 months ago

maddo7 commented 3 months ago

I checked Etsy on Android and it seems the request body is still somehow encrypted.


I suppose the app does not especially encrypt the body, since this is also happening for the Facebook API.


What could be the reason for this?

pimterry commented 3 months ago

In both cases, the request has a Content-Encoding: gzip header. That means the body is gzipped, compressing it to make the request smaller.

Have you already un-gzipped it? If not, that would cause this. I'm afraid I'm not sure how to handle that with Burp but I'm sure there are ways (n.b: HTTP Toolkit does this automatically when it sees the header).

If it is already un-gzipped and the result looks like this, that still doesn't necessarily mean it's encrypted - it could well just be binary data in a format you don't expect. One way to explore that is to compare the first bytes against this list of file signatures, which can often help to recognize various cases.

In general it's quite unusual to encrypt a request body like this, since there's not much point (any key used for encryption client-side must live in the app, so if you can capture the traffic you could also access the key, so encryption is a lot of work that doesn't help much).

I think it's most likely that one of those is true: either this needs un-gzipping (most likely), or it's in a binary format you're not expecting (possible, but much less likely) and you need to dig into that further.
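The two checks pimterry describes (first undo the declared Content-Encoding, then compare the leading bytes against known file signatures) as an added Python example; this is not code from the issue or from the frida-interception-and-unpinning project. The signature table is a small constructed subset of the file-signature list, the sample request bodies are constructed here, and the byte-entropy check goes beyond the comment: it is a rough way to tell "plain binary format" from "compressed or encrypted" once no signature matches.

```python
import gzip
import math
import zlib
from typing import Optional, Tuple

# Constructed subset of common magic-byte signatures (assumption: the real
# file-signature list linked in the comment is far longer than this).
SIGNATURES = {
    b"\x1f\x8b": "gzip",
    b"\x78\x9c": "zlib",
    b"PK\x03\x04": "zip",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF": "pdf",
}


def decode_body(body: bytes, content_encoding: Optional[str]) -> bytes:
    """Undo the Content-Encoding declared in the request headers."""
    enc = (content_encoding or "identity").strip().lower()
    if enc == "identity":
        return body
    if enc == "gzip":
        return gzip.decompress(body)
    if enc == "deflate":
        # Some clients send raw deflate with no zlib wrapper; try both forms.
        try:
            return zlib.decompress(body)
        except zlib.error:
            return zlib.decompress(body, -zlib.MAX_WBITS)
    raise ValueError(f"unsupported Content-Encoding: {enc}")


def identify_signature(data: bytes) -> Optional[str]:
    """Return the format name whose magic bytes match the start of data."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def looks_like_text(data: bytes) -> bool:
    """True if data is valid UTF-8 with no control bytes except whitespace."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(b >= 0x20 or b in b"\t\r\n" for b in data)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum, typical of ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_body(body: bytes, content_encoding: Optional[str]) -> Tuple[str, bytes]:
    """Decode the body and say what it most plausibly is."""
    decoded = decode_body(body, content_encoding)
    sig = identify_signature(decoded)
    if sig:
        return ("known-format:" + sig, decoded)
    if looks_like_text(decoded):
        return ("text", decoded)
    # No signature and not text: high entropy suggests compression or
    # encryption, lower entropy suggests a structured binary format.
    if shannon_entropy(decoded) > 7.0:
        return ("opaque-high-entropy", decoded)
    return ("opaque-binary", decoded)


# Constructed sample bodies: a gzipped JSON request like the one in the
# screenshots, and an unknown binary blob with no recognisable signature.
SAMPLE_JSON = b'{"user":"alice","query":"lamp"}'
SAMPLE_GZIPPED = gzip.compress(SAMPLE_JSON)
SAMPLE_OPAQUE = b"\x9a\x3f\x11\x00\xe2\x04\x00\x00\x7b\x00\x01\x02\x9a\x3f"

if __name__ == "__main__":
    # Forgetting the header: the bytes identify as gzip, not as ciphertext.
    print(classify_body(SAMPLE_GZIPPED, None)[0])
    # Honouring the header: the body decodes to readable JSON.
    print(classify_body(SAMPLE_GZIPPED, "gzip"))
    print(classify_body(SAMPLE_OPAQUE, None)[0])
```

Run it against a body you have captured (with the request's Content-Encoding value) before concluding anything about encryption; a "known-format:gzip" result on an undecoded body is exactly the situation described in this issue.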