Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 7 commits behind Ebryx:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build
dist
nbproject
src/burp
LICENSE
README.md
build.xml
manifest.mf

README.md

AES Killer (Burpsuite Plugin)

Open Source Love GitHub version Open Source Love

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic

Requirements

  • Burpsuite
  • Java

Tested on

  • Burpsuite 1.7.36
  • Windows 10
  • xubuntu 18.04
  • Kali Linux 2018

What it does

  • Decrypt AES Encrypted traffic on proxy tab
  • Decrypt AES Encrypted traffic on proxy, scanner, repeater and intruder

NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption

How it works

  • Require AES Encryption Key (Can be obtained by reversing mobile app)
  • Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)
  • Request Parameter (Leave blank in case of whole request body)
  • Response Parameter (Leave blank in case of whole response body)
  • Character Separated with space for obfuscation on request/response
  • URL/Host of target to filter request and response

How to Install

Download jar file from Release and add in burpsuite

Original Request/Response

Decrypted Request/Response