GitHub - Ebryx/AES-Killer: Burp plugin to decrypt AES Encrypted traffic of mobile apps

GitHub - Ebryx/AES-Killer: Burp plugin to decrypt AES Encrypted traffic of mobile apps
2018-10-03 11:56:20 Author: github.com(查看原文) 阅读量:210 收藏

Join GitHub today

GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.

Burp plugin to decrypt AES Encrypted traffic of mobile apps

Java 100.0%

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic

Requirements

Burpsuite
Java

Tested on

Burpsuite 1.7.36
Windows 10
xubuntu 18.04
Kali Linux 2018

What it does

Decrypt AES Encrypted traffic on proxy tab
Decrypt AES Encrypted traffic on proxy, scanner, repeater and intruder

NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption

How it works

Require AES Encryption Key (Can be obtained by reversing mobile app)
Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)
Request Parameter (Leave blank in case of whole request body)
Response Parameter (Leave blank in case of whole response body)
Character Separated with space for obfuscation on request/response
URL/Host of target to filter request and response

How to Install

Download jar file from Release and add in burpsuite

Original Request/Response

Decrypted Request/Response

Press h to open a hovercard with more details.

文章来源: https://github.com/Ebryx/AES-Killer
如有侵权请联系:admin#unsafe.sh