Skip to content
/ AES-Killer Public
forked from Ebryx/AES-Killer

Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly

License

MIT license
0 stars 117 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

akimdi/AES-Killer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

build

build

 
 

dist

dist

 
 

nbproject

nbproject

 
 

src/burp

src/burp

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.xml

build.xml

 
 

manifest.mf

manifest.mf

 
 

Repository files navigation

AES Killer (Burpsuite Plugin)

Open Source Love GitHub version Open Source Love

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic

Requirements

  • Burpsuite
  • Java

Tested on

  • Burpsuite 1.7.36
  • Windows 10
  • xubuntu 18.04
  • Kali Linux 2018

What it does

  • Decrypt AES Encrypted traffic on proxy tab
  • Decrypt AES Encrypted traffic on proxy, scanner, repeater and intruder

NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption. Not generic yet (have to modify depending upon the application behavior).

How it works

  • Require AES Encryption Key (Can be obtained by reversing mobile app)
  • Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)
  • Request Parameter (Leave blank in case of whole request body)
  • Response Parameter (Leave blank in case of whole response body)
  • Character Separated with space for obfuscation on request/response
  • URL/Host of target to filter request and response

How to Install

Download jar file from Release and add in burpsuite

Original Request/Response

Decrypted Request/Response

About

Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Java 100.0%