How to do it...

Let's try to decode the value of the PHPSESSID session token found in the OWASP Mutillidae II application. When a user first browses to the URL (http://<Your_VM_Assigned_IP_Address>/mutillidae/), that user is assigned a PHPSESSID cookie. The PHPSESSID value appears to be encrypted and then wrapped in Base 64 encoding. Using Decoder, we can unwrap the value.

  1. Browse to the http://<Your_VM_Assigned_IP_Address>/mutillidae/ application. 
  2. Find the HTTP request your browser just generated in the Proxy | HTTP history tab (shown in the next screenshot). Highlight the PHPSESSID value, not the parameter name, right-click, and select Send to Decoder:

  3. In the Decoder tab, open the Decode as… drop-down and select Base 64. Note that the results are shown in the Hex editor and are encrypted:

In this example, we cannot proceed any further. We can confirm the value was, indeed, wrapped in Base 64. However, the value that is unwrapped is encrypted. The purpose of this recipe is to show you how you can use Decoder to manipulate encoded values.  
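The same unwrap-and-inspect step can be scripted when there are many tokens to review. The following is an added example, not code from this recipe or from Burp Suite: it Base 64-decodes a cookie value (tolerating URL-encoding and stripped padding) and reports whether the result is readable text or opaque bytes, which is the judgment made by eye in the Hex editor. The function names and both sample values are constructed for illustration.

```python
import base64
import binascii
import math
from collections import Counter
from urllib.parse import unquote


def unwrap_base64(value: str) -> bytes:
    """URL-decode a cookie value, then Base64-decode it (standard or URL-safe alphabet)."""
    raw = unquote(value.strip())
    raw = raw.replace("-", "+").replace("_", "/")
    raw += "=" * (-len(raw) % 4)  # restore padding that some frameworks strip
    try:
        return base64.b64decode(raw, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not Base64: {exc}") from exc


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def describe(value: str) -> dict:
    data = unwrap_base64(value)
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    ratio = printable / len(data) if data else 0.0
    return {
        "length": len(data),
        "hex": data.hex(),
        "printable_ratio": round(ratio, 2),
        "entropy": round(shannon_entropy(data), 2),
        "verdict": "readable text" if ratio >= 0.95 else "opaque bytes",
    }


# Constructed sample values, not taken from a real Mutillidae session.
SAMPLE_TEXT = base64.b64encode(b"user=guest;role=reader").decode()
SAMPLE_OPAQUE = base64.b64encode(bytes.fromhex("9f3ac1e07b12d4a85c6ef0932b47d81e")).decode()

if __name__ == "__main__":
    for name, value in (("text", SAMPLE_TEXT), ("opaque", SAMPLE_OPAQUE)):
        print(name, describe(value))
```

An "opaque bytes" verdict only says the decoded value is not plain text; as in the recipe, decoding alone takes you no further with such a value.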
