Burpsuite Plugin to decrypt AES Encrypted traffic on the fly
- Burpsuite
- Java
- Burpsuite 1.7.36
- Windows 10
- xubuntu 18.04
- Kali Linux 2018
- The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses.
- Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.
NOTE: Currently support AES/CBC/PKCS5Padding
encryption/decryption.
- Require AES Encryption Key (Can be obtained by using frida script or reversing mobile app)
- Require AES Encryption Initialize Vector (Can be obtained by using frida script or reversing mobile app)
- Request Parameter (Leave blank in case of whole request body)
- Response Parameter (Leave blank in case of whole response body)
- Character Separated with space for obfuscation on request/response (In case of Offuscation)
- URL/Host of target to decrypt/encrypt request and response
- AES_Killer for JSON request AES_Killer-JSON.java
- AES_Killer for random/alternate Parameters on different endpoints AES_Killer-Parameters.java
AES_Killer-Parameters.java: Let's say if application enforcing encryption on few parameters in request and these parameters will change every time with respect to endpoint/request so all you need to do is as follow
- Add endpoints by adding this.endpoints.add("abc");
in registerExtenderCallbacks function
- Add parameters which will be encrypted in `String[][] parameters`
- Add rest of parameter in grant_type or make blank entry
and let the code do the magic for you.
NOTE: These variant will not work for you directly due to nature of your request so might need little tweaking.
Download jar file from Release and add in burpsuite
- First setup frida server on IOS and Android device.
- Launch Application on mobile device.
- Run this frida script on your host machine to get AES Encryption Key and IV.
- Provide SecretSpecKey under
Secret Key
field - Provide IV under
Initialize Vector
field - Provide Host/URL to filter request and response for encryption and decryption
- Press
Start AES Killer
Download Demo App from here