Skip to content

Latest commit

 

History

History
57 lines (42 loc) · 2.93 KB

README.md

File metadata and controls

57 lines (42 loc) · 2.93 KB

AES Killer (Burpsuite Plugin)

Open Source Love GitHub version Open Source Love

Burpsuite Plugin to decrypt AES Encrypted traffic on the fly

Requirements

  • Burpsuite
  • Java

Tested on

  • Burpsuite 1.7.36
  • Windows 10
  • xubuntu 18.04
  • Kali Linux 2018

What it does

  • The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses.
  • Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.

NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption.

How it works

  • Require AES Encryption Key (Can be obtained by using frida script or reversing mobile app)
  • Require AES Encryption Initialize Vector (Can be obtained by using frida script or reversing mobile app)
  • Request Parameter (Leave blank in case of whole request body)
  • Response Parameter (Leave blank in case of whole response body)
  • Character Separated with space for obfuscation on request/response (In case of Offuscation)
  • URL/Host of target to decrypt/encrypt request and response

How to Install

Download jar file from Release and add in burpsuite

Original Request/Response

Getting AES Encryption Key and IV

  • First setup frida server on IOS and Android device.
  • Launch Application on mobile device.
  • Run this frida script on your host machine to get AES Encryption Key and IV.

Decrypt Request/Response

  • Provide SecretSpecKey under Secret Key field
  • Provide IV under Initialize Vector field
  • Provide Host/URL to filter request and response for encryption and decryption
  • Press Start AES Killer

Download Demo App from here