Skip to content
Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
Branch: master
Clone or download
Latest commit af213c3 Nov 12, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build v3.0 Nov 1, 2018
dist v3.0 Nov 1, 2018
nbproject v3.0 Nov 1, 2018
src/burp v3.0 Nov 1, 2018
LICENSE Create LICENSE Sep 24, 2018
README.md Update README.md Nov 12, 2018
build.xml Update build.xml Oct 1, 2018
manifest.mf AES Killer initial release Sep 24, 2018

README.md

AES Killer (Burpsuite Plugin)

Open Source Love GitHub version Open Source Love

Burpsuite Plugin to decrypt AES Encrypted traffic on the fly

Requirements

  • Burpsuite
  • Java

Tested on

  • Burpsuite 1.7.36
  • Windows 10
  • xubuntu 18.04
  • Kali Linux 2018

What it does

  • The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses.
  • Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.

NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption.

How it works

  • Require AES Encryption Key (Can be obtained by using frida script or reversing mobile app)
  • Require AES Encryption Initialize Vector (Can be obtained by using frida script or reversing mobile app)
  • Request Parameter (Leave blank in case of whole request body)
  • Response Parameter (Leave blank in case of whole response body)
  • Character Separated with space for obfuscation on request/response (In case of Offuscation)
  • URL/Host of target to decrypt/encrypt request and response

How to Install

Download jar file from Release and add in burpsuite

Original Request/Response

Getting AES Encryption Key and IV

  • First setup frida server on IOS and Android device.
  • Launch Application on mobile device.
  • Run this frida script on your host machine to get AES Encryption Key and IV.

Decrypt Request/Response

  • Provide SecretSpecKey under Secret Key field
  • Provide IV under Initialize Vector field
  • Provide Host/URL to filter request and response for encryption and decryption
  • Press Start AES Killer

Download Demo App from here
You can’t perform that action at this time.