Closed nanshihui closed 1 year ago
Hi!
I think a key error on that line probably indicates it's not a valid protobuf. It's trying to lookup the wiretype that it decoded from the data and that only goes up to 5.
You could try decoding it with protoc --decode_raw
and see if that is able to decode it. If you feel comfortable sharing the payload, I could try running it through on my side and try to see what's happening.
@rwinkelmaier-ncc
thanks anyway. it comes from https://www.google.com/recaptcha/api2/demo. there is a application/x-protobuffer request called https://www.google.com/recaptcha/api2/reload?k=XXXXXX
For instance ,the protobuf byte blow: 8G7OPK94bhCRbT0VqyEVpQNjÎ 03AFY_a8XSpeiWkFpMt8cGw1g9UUsYQWlbQyVzslA_ORpwheTrr5nlExd82CjsbjJS-uK3d1NAG-dTTQ4RKAF9QyMN4My6R9wFtng8Me2a2yEmJAVChjz0cJ3UTFDZ3JB2DIUeS26Bw3kvH88eF-rbvUc274uxtTsfK6NB25rV6Vx53J65cWRyEHlunn9ahEO2gB9X-E7-5Wy5H0tWeoxx2Oi_duxfN-G147-muLMHuTr5YrFO95KiigrNX9-rembiUmRGssdFkoE9zB8z61PVYd7SnDl4BpA1oNftKiieYPwSqLN6IOBoIh717l66YSBSIDTgPxIlsHYbLac-NiKSedskVtq0DsF-3JCxHdYKdJrYcQh1yHJR6OHlRxJ3niDHQbvKMZABREWIF5TPA0wavZHRcfZil23Vkmnni-GKTIfeSTD8Qi_M4RdMZKDtAyzOKPAmeFV1y02v1T0m3EV3XWyNj51tAxxDr9Cao_mHVE130j8-NiI5NF-3fyMNGmn36rsASBRZaYtC-lLpzWOiVKd8PPz4zG6ROCvGaPwpm9bCTQFalPQPZjJBeyvM-uV9js3M-yxu7WI6LZGsqErd17H5gMTX8D_BYmKUdcn0hSRvdIjHJRoyySSVK-5syo-o_sNoN7uOpvVvTctgksfwjxsyWXnTduxRA00pdaHZIZKxhh2lh4KYup2oKATRcP3GkvFxrc44Y4ja6_AYJ9qotUUFqAQa4bY9Mnoo6bzh5Bc008He-l9hn5L3tonO7AulZJEfcQB_T-WVaHlb4i1znx02VGFG6O9x-b0NgcCEUIMM29i95AIfejfRmarBtRkRmo-DddJKh_fmTTHK_YSjVcCvh67tYMm458pN7A8vK9R6jtcO5IeJ8pYyhmuka6xPkenDcm4auQDydetKOZZCHGbeiz7jcprxdKA2DsACiBtGpqF6s2YNRi94hHwSMWnkpBmz4jBmuuiOlG8mZwmxrjal47DhpJBmxxms4qwapfK-m1QErQ47JqEh270_m-9uG5fDRVs--HfZWFoZKwd7ujZyPAPfOSXV75f5SR5Z7HgpuhdPDKdLDlUFfynLaKfveXaeIOp1sXC95ACHL7CJ_CEyrQH4vMlwSOAwhrRjFOjMhw4b0VrP_IVOmIduNvbj2SYasloNB0VGM0nv2WQxIfTpOIGrfx6ezDSpG8GAK2cWWlbRVLWOSvXFClnrxo41XtblSqptGsuE [48,71,17]"É!wcegx8IKAAQeAtUVbQEHnAgEwTylHgDnMhmLlplwtRlabAIvcO4gn9lE0V-3EQHyX_qWe1BnV2JBm_bdbdc8eEC7S3GH5Jeu_vFmc1WaXi7HX5GCEDtQxLfR1WeCNTPCfo6HQxyN_tNForLBGc4DliHFZRMLABByNrJgazc20IJrGQLGrwPSdNs1PC9RquDE2Sdp1K7w8IB09SEPuNxFpWdlQ6r98Pm7_oIfiqiPOdX2X8EzprYol7s3HxmobfE0aGO6bQH0gre_8IZjvdbpOE4WC3SreFMelsjpovALGJEXn6Ci1vVHxfYSpec1Sem90i6vuQUL8OwHT6fl0vbFAmKugK21xw1EEZx5BUr2OXXke1hiR-0czfAGwy30HzxVnOFZkuCwA4bZE7eNFVhqF78HeS9wHQ3FbZlqVNHYPsJQ-6sKf6z0qRpDbmYvb2XzUmkwvsaiu4vtVyUsPRxbFhLgrDq1_NJdfef1hKV8d13LmUJI4XpWNByLt3RVE3ORGsFc2yi66hUEEoBmn-34L5L9V0OEfT6jZ5w3IWA2GhISeKYdvqsdv79bYFxlyh7HCN1cpUhg022YubF4HZbFX4pOmRN19duYXPADdC8vY6TpGd7CXg_a8iR91amJ8ZoC92T61naWJUXwAx528lL3P6kEkd4CyZvfOaL5Ft_4WamhO90XXRdKncRACzEF5iG3_m-q8rnNNp3fK7Swx0SQSqZuvxUq2Lfs9KmsstFYDSPLpRfTZYxM8ZSGCNb0ELQq7os4IewDJeNpPOotbF954cuKxE7q5UHCIjbHVt279SFF5DlpsAijSQ3lu3SK6Dwreobiqm8If62fZOSzKgiKMKdiiQvVnjZ5hIL4E7ppMsls5nhZMDJ8jC_I3UYT4Pfx9gNS703Hi8wIzE19Lpfh29RGB8zXMeCRqOcTrsqCH26pKNwPFGKvjNiL51KF1-WHvfNBVfrhuIb35gEj6gXK1pqBTqqgbBM8sr9GlBlrVx6Z5a5FO2ksfto-LlbkbEYCRzDxAGWSpNmDhAVGAv4kcPVn_AS6TOTp_tvWIhupjFBEE8jKo7qMqjJco3zzORv3P-dt8zYsXiSjAYHNDbdReBQHh7-KZYA7rzmj4wW1GCEKegWLbRjGDjdS2yoLvRy48glapZJA6Nu18YuEx1S0_if4fD2UQFk512FRwAIJ6nn0b6Ajgsoo3p2uc9KgywrnWilYcgkG1UQOi5r0AGfFMl1ApX65qjFE50FL2mP9uLqaH55R0r7aAD2ukNZMc6JMvMrHYypJ6nNU46vSIBfFVLKSsrV_Pewmt_oHXY6uoqLFQv67Kv51_w4EX-dGVaD35at9WOV_3mneNqTvnNC2ESt1coqYiegQrwJCpHIf1Ai3Cx4y0YKylpZ2P714oJCt9wvDsGjoUWOKjrSikdpW54dBuVzmmBHKiRCEL8mZhP8ZO6Q-FQAEsHA-JX1BqDatlYEc1mboYl2vbU7FtMW4JRETUxjfpIkBLb3OVkK_MZQPUsrRQYkualgik9ugxOpiKAuCVmQRVs6IhegzRuDjiQiXMtB8yh34p_FZhjRYiwgKvkmuvMHRG210E2VqrlMdLetG6iaAmmimk1VdnfPeQRE4e5b5ZS6Js2j9eawjxxBWARawuz4fFs0hL2vKJHtYeNKO0YwFaYE6Un9_DucXNl3Kc1sbbpbI5LmJLAfiilDKAgvKMa0GBuls-0PDcWVc8ZZlvAg2PuMtc1FApU-QMl0xRN9iHSf6IpEjgYlj6u3Rd28aFrvqHcBOzQMf9J6Kp_BzBKckIg8lKOWsqwujgEi5OrAW2f1-3Da2TqLL6dNjBvjV6XYV4oRKrAD7ch9wioqklodawt_CzSNDCeWA4MA1285A0HwCUMLDuQX5Q2RYcOPAPZeOvZOfLcuuOWaR_QyF05Qx-2DKzT-WUl0Gcyxt9R0S0CxqNHao_gWRMNyJ4CJdUjqbk3QVWt3CpnFfY-tdVvgf6kPW34bOa1ueH-7LP6OGl1wDAZfjzExcCBHJGs6r2bZsfFMbvWNwRy7RLgUSLpr-XsZCKDajLsHxaAlcMNP_8NzC5zjq4sW4COkOk3_V_5Gotcvcv5bWOBGcFSvS0uFgyMWdEFMDrxTXld2orXhljisUd7xeS_ZENUIFnGthO7uISgt1pkwzzMtq_ybKvuuLzTk8777K-Ix3WyoXb6UvWhro1haiO6vUAfxWZpzZCw81_wzqrItHmuaTmOL2aq84t6a5nryoyfRdgmoB26hd-ZK6hCdBJJB8uK8yMsyfSnF-X0nJ5-f3_JfCxMBUdpVCx80ZNhSdssGLll5t5v8VqdXpKGhtdlNNmK7zIEjBfgkLsFaD2h8na8CGmAJtZopoyHtgfRc8ev_Pc6ZbSBtn3NdeQh_pxLc_Na_YFljBFykuwwghekZL5cV39YFR_IeYavws3A86ad8D0PI9docFhrkO7ZQ9Q9XNmGSEG_Sd8F1OhO70F_EhR00udtpj_yUZPP19s5iZDgVj8k3QpRvxEoGpikFK_tb3uA_3QJTHus04IKMysp6I25etlnNk3H1AqMgQFQ9BCWufvBIzNg5UYcCCx_3qz5X6qyJN43zdz0cee9V-2vGQ8Q3XDkyLkQjukHLLG3KquG2qcb9FV2KIUUHyVxUEU81W307HQND-SjRruRzT9OHg92_gXDy-R6XklMutGVBLcgCxm--DTXD3YS2qN2oM0lVWT3zRbsBxkm0JhJNAP9Kg3riR3tqy-A*-1485252778è$0eGdSMQDYcIppOBCowqFwSOD62aiAGObNpIRWHgDetoiigVAowNq5iGD4EvHAmDBKKfjQaIJhMAiguploQNjy0aB4ECoJ2LBIYkEQ6ICaeUgguL9eWVMr57aNZj8ZDda9fz07DdXlu3BOJQ-9onVsIvfRt4l9LSsKu41qPfYJsI1gLjEp-KGmcF_888OFYVIP-b6GaIJhMAiguploQNjy0aB4ECoJ2LBIYkEQ6ICaeUgguNKxgFjwCum4kCgvzuareW0zA97kpmhfPBrkhoI0LwHTqJVJHyrktoRzZjj-t7FtTkwI-9magGQ09MeJkDssJL3UnoFB_APNgEYoB-O0lGA9HfXJyXB3Fi766cyTUzMJrpBvSyD1yKWFXTAx2N9-lmQrC_elsV4oI_DWvXxr_uC_nG9MGPXVrYGBKCO5rWbLhDtyp93SCUF3bCxWF-Ft_MoElQBuXirXxgGAS7lWcuEO_MnHZIJQXdr7FYX_4W1ZRwNhj11KyFUC0N5be5YGcGHsi9ZkglA9ywgF09FefpkJc2TgrUtpKTLgXf1Yx6eTXu98VmSCUC17KAXT0V5-mQlzZOBxbGlWp0CNzRx3p5PATt3oxzNhPy5Z1OMA3sw51oRSX9ztF4fx42DeidrmFb3sCdelAl-NW1jV5hCA-uxpN7DvDNrH5YKAXlvY6ROD_e9sarPiD_3KyGWDUV7b3BaG8OJuHFblAtCty3iGVFHezxmJ8-ViQbnoBfOQ7luJV1TRwhyM9uhkgV9s-vd1s6JOuysW9tEdTotaBFNgzvhmhHIfbQrH1VLg3YtZVtQ0Ho746mb2ESD-CYcVAjLQOZkGEhHr6gf1wsBti1lW08QegC4bCIICfG3pduUDIH1JSgWzoS48uUh3T22LWUZkAQ7c2lenkgJ8berZMmCOfElG5AHf3VpKlQV_YOz9aBa0gS5eKoYzZA7tSeYVEx5fetfYVSJeO6rXNAGx3ZjoFWPfTInK5gSDr93simbEwn68Wpe1EdzsK0kWYX2eikhnZUCg2wjnBoI_bAjWVpM_rUvrNsXQ30zYVcYwYN3o-FPDP95d2zZ2T_Ea-ulHdK3IqYtEKPPGxFVyKc6wkGY_HezNoHxMIP3UrISJMDfW7r2zNhj30al_UC0N5bS5YHpZKACYnz5WGBHBho57_uDAlXNLH_nPpIVQNQ3j4YiPLkYW2N61aUc87rKsbVA2GNOdimRCEOjJj35HTfLq04dRXQ_6xKiEJj_l9YiBcB8u3tuMWzAq5taxnnNO8vTTq1BYFejapmVHER69tXd0Pwnl3YhbMibS66VXbkHl-MB-e1sz5ty6UzwT8MmmhXU1C_i7o1cyJ9Ldl2pCNvK3p2F5TQja0YqOOwXWs6d4O0n5zdega0L96smZdXY7zrCTZkIU8cife04gBd2tsVhf_hbXqrKLZC4PvZprLyv11J1lWRQA4tCKZjYDFdHKeXhQHNrWpV0eHv2muZxHGvHwqolePBHIsr2UYEPc5bh8S08u8q9pVjsZD-StfGRE-PWhpYZONdXBdWQnGQvRx5pbMebeqaCCVCzU3YNxPhj154ytYU0IB8aYYSwr1NWYfUX-4L2ddUgf-dSqfVkoDeC5uWBnBh7hsnQ-IP3ctI1YNRXtwcFobw4mFOtuUC8J5baIZUUd8PGYspFgONDXdo5cIAL0sYB3HxHvwq9tMiD_3KCCbz0z95-XcmtE9vWjZFlHGfWUpF05HN2snHttHg39lGaFKSUN1r2WSUQezoikUCwYvrK1jjwQ6L2dd1M43Pqpp1FTJeHkiYZYNRfrwaVdFCjtvIheMfrhp5hpZ0QV28ejPj0d7s-oTW1F6PSKll4SBNyrnl43MwjstnZJBffejKN2MAHFz5xtLP8e9ImGfjAY9NekYD8Q4dqYVG0eD_fGjYAtNeLavkwoGw3PondbSfzcuKRJWhzevZ2eMh8l0tR-bTcn-dWSVT41--SWkFIMHwDIbHhNPvKll20zHyXXxoRcPjTIv52JPzb9tIymfQ4B9t5thj8c38OEbGdGE9LRpHQwAgTPs4hsFPbKnaZSMxn2qLViTRzp57F2LjgV_MaObTEd3Z6RcVgvGsO4j0ZE_te-bnhVOuq9tppJSBXXzX51LCnd356VJS3wx56VUhUA2NSQbDwQ576RmkJK-MnFqz8pCt7Wkk45P_vvhZRQMiz2rKZaVRzetaWddBYQ0rGGUT0fzNaMh2QX9-2ikGkV_b28g11mCBbBmnxBQ_3zxoFdNuzn0IyHWTbrwcZ6XCLk1rG0X1YzCdemcVE4Dd2NoH8o7QzNnYlXMe2sw6ZcVgvRxrZtZvjy5ph-LAUPtM-obTEfCr-Xh1g6_e-MpFwvBN-nf4xVEOHGn2lmKg_JnmlUOyPM5r2UawDy3s6aW0UD-L2wXV8Q76a1a3QJ9MnOq18pKMTgjIhjLwnpZ3SCO-sIBiTRD-v8VydjbtaNdikm-eWeljn-_L6JlVEO_d-2s0xmFs3cr50tPybbyKs9Vy_E5mZIJ_7dsoBlPTng54aeYUEV6tedfFA47aaIZ0QU7sCdfVQtKdDXdo5JNBjOpYR3MB0TpraHckf1zcmiQEcn6tKMYSju0K2KXjwI5cWcdXEYH77WsIZCBAbSn4pwLA3M4bCPXCXV8cx4ckcp3d6Ciw7wzauAWC4I3rmUYEUd8_GYnz5WGwu0dlg1Eue-kG1NJP35oKdGXjnf3Y-YXD4z-dKnezYyF_HKlVNQAPfMpm5D9hG3k5Av9ti1k2xAEO3NpH15ICfG3p2VWVMF4NB1ekEJD-rGj2wlAcqegVE2_dzXimsnEeXmonFGPRrtraxgTv0AwKFYHgDftZRoOBX1zKWhSE_uBuicekYx4c61g4EtMhPBxVwyHPDGvYVbKd7AnXtOLfjVtYxkYQgPrsZtVR0o5dtuUC0K37uIZUUc9PGYdlIp_NDXdo5NTPUCl5KIVCPj3JVdMC0WpohlQRvtwJ19VCwp0Nd2b1E0G73Gg15UHc6lw4hEQ-Dpw3FJBujFpHxPJgDZtIBlPRMRuL9edjkHE86UkmtM-fu9hng2CQa5iIVGG-7NzXRuUwjTt4Z4MQXlypmOcy3OsI1qPBjoxaV8UlH4_562g1MMAN2dhWlBB-jJkoZzBPjQy5tYUTMBtIplJgUa5Ld4WCwerpBtSiT0yKWFXDIx2N9-llRPH8zYlnVXNBDDuHpbQB0EmJ9BLxL2u498U0bh6daiXV3_8792iyxC5-2kXW1FDvmqg0o3Oe_OjXFrP_3swH5QKgz1r5dsNR4F75Z_VhQr97eyVVEI8MahZ0M9Hri1bVpW9QmxiF86OhXOpqJuFfnSrp9aPR7x6Zp3Yywh7rVkgBzsycWJTSgg5Z6AXzUR5biVbERJ8PeWrm1qRA7PjahwOATHxbSDTi_xrM2BRkMD04ZoRST30aB9XTQJCbC3Vm46AgPld3ZhAfHwpoJPKebZtbZ4TQ8O34FyTwwd88iWVzEC-5y6jSUvHuvLpW4t1riVcUsd8M2thFlZAAfft1ZaUzDzrWReZi0S4HZYJhXtrsFobw4LC-OzkGH07-zOo3lJ3sCOdUwt7gGor05HRCb70aWJWebIln1UNfYJ4YiabVAv-ZhmiVUv8892iTA3D-eab0sc_ciqf1oyCti6j2tFHOjKn31NLfjasIRiOwjqwJZwSxj60KeBXCgK4LeOazga8MidfEgqANi0hlg6EOjBnGhKIPnOpnhaMArdtIhqQBnzyZh6UCv_2KiKYDwP6biacUQc9siqgFw1DNi6kWRDFOjKoXVUKfjasYdhPAjqwZh1Shj60amDVSgK4bqRZTga8cmleEgqAduwilg6EezEmmhKIvTQp3haMgXhvYhqQhXuy5h6UiYA1qiKYjYP67iackcl_MiqglgvBti6kmhAG-jKonpRJvjasopeOgjqwptzTBj60qx9VCgK4ruSZzga8sygd0gqAtyuhFg6Eu3BmWhKI_TPrHhaMwXlvYhqQxXwyJh6Uyb_1aiKYzcO67iac0Yi9siqg1czCti6k2k-FOjKo3pSJPjas4xdOwjqw5txRBj606yEWSgK5LSQazga9MWieEgqBNWwi1g6FObDnWhKJPfTqnhaNAjfuYhqRBnuxJh6VCr81aiKZDoR5biadEoc_MiqhFo0DNi6lGtFGujKpHtRKvjatItkNwjqxJ1ySxj61KyFXSgK5L2VbDga9caceEgqBdW1hlg6FebFmmhKJffQpHhaNQjlt4hqRRrtyJh6VSn-2aiKZTsQ7biadUok9siqhVwwDdi6lW1BGOjLnHVOK_jbrIRdOgjrvJZyRxj7zKd9VSgL3LeTZjgb7MajeEgr_Nivhlg7DOnDlWhLHPvRpHhbLAzht4hrPB3xyJh7TC3926iLXD0V67ibbUQk-MirfVUvCti7jWU9GujLnXVTJPjbrYZjOAjrvZdvRhj7zad8WCgL3beSbDgb7cmdeUgr_di0hlg7DerAlmhLHfvQq3hbLQ3etYhrPRzvyph7TiQA3aiLXjUO5LibbkUj-8irflUvBNi7jmVFGOjLnnZVK_jbrodjPQjqv5pvRknwz9F4knFAGLC3jz8Z7suecE8p_9axsVg1OeDnv25HHfzSoH5XMAXjsI5nPhjt8Zh2eSAn_6-MYzgV4L-cc0ogIcikqVBXL920kWU-QejFyXCKaTgQ2bE2fi:Ø05AJBLKW2WnqTQOsOKlraihqJvzump6j3c90aLtvGr0fkOzLx5dmtWeKbBCRi4uIEKoqTsPT0XEtIjm1yfwJ4pl9H7-hDjjWO-2rdfszqCDVsmD3q3UcbLffzzQDDvr4H9b_Q7hxzJuAWdp0Q7F3uC59lyF_1mybr2IzAi_YGbvZ8ZkurwY0cXtDAJ4kByX-uZqICbH0qwlVuRP20b6C-h9Ar(6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-
You might have to base64 the payload for it to be copy-pastable. I think some of the characters can't be copied out.
However, I was able to visit the site you provided and get the payload from that endpoint. It definitely is a valid protobuf message and my installation of the blackboxprotobuf was able to decode it.
Are you trying to parse with the Burp extension? And if so, are you on the latest version? If you're using the python module, make sure you're using the bbpb
pypi package and not blackboxprotobuf
.
@rwinkelmaier-ncc thanks , i try a lot
when i use it it got following msg like value, message_type = decode_message(buf, messagetype) value, typedef, = blackboxprotobuf.lib.types.length_delim.decode_message(buf, message_type) field_typedef['type'] = blackboxprotobuf.lib.types.wire_type_defaults[wire_type] KeyError: 6