Navigating the modern security landscape often feels like traversing a minefield filled with cleverly disguised threats. Among these threats, obfuscated URLs encoded in Base64 pose a unique risk. Meet Gore64, a chromium-based browser extension designed explicitly for cybersecurity professionals who regularly encounter encoded URLs and want a fast, safe method to decode them without ever clicking.
What Exactly is Gore64?
Gore64 is a lightweight, easy-to-use Chromium browser extension that identifies and decodes Base64-encoded strings embedded in hyperlinks. By right-clicking on any suspicious link, Gore64 instantly decodes any hidden Base64 content, allowing users to quickly assess threats and safely understand the destination without risking a click.
How Gore64 Works
Once installed, Gore64 adds a context menu option named "Barberion’s Gore64" to your Chromium-based browser. Here's the step-by-step functionality:
- Right-Click: Select any suspicious, obfuscated URL.
- Decode: Click "Barberion’s Gore64" from the context menu.
- View Results: A new window will open displaying decoded URLs. You might see some non-readable characters (gobbly gook), but look carefully for the clearly readable URLs within the decoded results.
No network requests, no third-party decoding, just clean, instant decoding directly in your browser.
Installation Guide for Gore64
Step 1: Preparing the Files
Create a new directory named Gore64 and include two essential files:
manifest.json: Contains extension metadata.background.js: Manages the decoding functionality.- Create a folder inside Gore64 named images and download the following 4 png’s
Step 2: Activate Developer Mode
- Open Chrome or any Chromium-based browser.
- Navigate to
chrome://extensions/. - Enable the toggle for Developer mode located in the upper-right corner.
Step 3: Load Your Extension
- Click Load unpacked and select the
Gore64directory. - The Gore64 extension will immediately become active.
Quick Usage Example
Right-click any suspicious Base64-encoded URL:
https://malicious.example.com?data=aHR0cHM6Ly9zaGFkeS1zaXRlLmNvbQ==
- Select "Barberion’s Gore64" from the context menu.
- Instantly view the decoded URL:
https://shady-site.com
Note: Decoded output may include some unreadable content:
Ûi
ÿø¬qéí
:Ü
¢¸?¢Úìþ)Ý
Ëb
§µ8ëY
N'$zÒ
ç¾x
Focus on the clearly readable URLs to identify potential threats.
Key Features
- Fast & Local: Decoding happens instantly in your browser.
- Secure: No external requests or logging, ensuring privacy and security.
- Convenient: Easy-to-use context menu integration.
- Universal: Compatible with Chrome, Edge, Brave, and other Chromium browsers.
Why Use Gore64?
- Security Analysis: Quickly analyze encoded phishing or malware URLs safely.
- Incident Response: Decode malicious payload URLs without executing them.
- Enhanced Productivity: Save time and effort typically spent decoding URLs manually or using external tools.
Customization
Gore64 includes multiple high-quality icons (16, 32, 48, 128 pixels) ensuring a sharp appearance across various resolutions.
Conclusion
Gore64 is a specialized, powerful tool ideal for cybersecurity professionals who need to quickly decode obfuscated URLs. It's a straightforward, efficient extension to maintain digital safety without compromising convenience or speed.
Equip yourself with Gore64—the cleaner, safer way to uncover encoded threats lurking behind suspicious URLs.
Unveil the hidden dangers. Decode with Gore64.
manifest.json
{
"manifest_version": 3,
"name": "Gore64",
"version": "1.6",
"description": "Decode Base64 encoded strings in links.",
"permissions": ["contextMenus", "activeTab", "scripting"],
"background": {
"service_worker": "background.js"
},
"icons": {
"16": "images/16.png",
"32": "images/32.png",
"48": "images/48.png",
"128": "images/128.png"
}
}
background.js
chrome.runtime.onInstalled.addListener(() => {
chrome.contextMenus.create({
id: "base64Decode",
title: "Barberion's Gore64",
contexts: ["link"]
});
});
chrome.contextMenus.onClicked.addListener((info, tab) => {
if (info.menuItemId === "base64Decode") {
const url = info.linkUrl;
// Regular expression to identify potential Base64 strings
const base64Pattern = /(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?/g;
const matches = url.match(base64Pattern) || [];
let decodedResults = [];
matches.forEach((potentialBase64) => {
try {
if (potentialBase64 && potentialBase64.length > 0) {
// Decode the Base64 string
let decodedText = atob(potentialBase64);
// Attempt to convert decoded text to readable UTF-8 string
try {
decodedText = decodeURIComponent(escape(decodedText));
} catch (e) {
// If conversion fails, use the original decoded text
}
// Append to results
decodedResults.push(decodedText);
}
} catch (e) {
// Ignore errors and continue
}
});
if (decodedResults.length > 0) {
chrome.scripting.executeScript({
target: { tabId: tab.id },
func: displayDecodedResults,
args: [decodedResults.join("\n\n")]
});
} else {
chrome.scripting.executeScript({
target: { tabId: tab.id },
func: displayNoBase64Found
});
}
}
});
function displayDecodedResults(decodedText) {
const htmlContent = `
<div id="customDialog" style="position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%);
background-color: white; border: 1px solid #ccc; padding: 20px; z-index: 10000; font-family: Arial, sans-serif; width: 80%; max-width: 600px; box-shadow: 0px 0px 15px rgba(0,0,0,0.2);">
<h2 style="margin-top: 0;">Decoded Base64</h2>
<textarea style="width: 100%; height: 200px;" readonly>${decodedText}</textarea>
<br><br>
<button id="closeDialog">Close</button>
</div>
`;
const dialogElement = document.createElement('div');
dialogElement.innerHTML = htmlContent;
document.body.appendChild(dialogElement);
document.getElementById('closeDialog').addEventListener('click', () => {
dialogElement.remove();
});
}
function displayNoBase64Found() {
alert("No valid Base64 encoded string found.");
}