AES-Killer v3.0 – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly


Burp Suite plugin to decrypt AES-encrypted traffic on the fly.

Requirements


Tested on

  • Burpsuite 1.7.36
  • Windows 10
  • xubuntu 18.04
  • Kali Linux 2018

What it does

  • The IProxyListener decrypts requests and encrypts responses, and an IHttpListener then encrypts requests and decrypts responses.
  • Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.

NOTE: Currently supports AES/CBC/PKCS5Padding encryption/decryption.

How it really works

  • Requires the AES encryption key (can be obtained by using a Frida script or by reversing the mobile app)
  • Requires the AES encryption initialization vector (can be obtained by using a Frida script or by reversing the mobile app)
  • Request Parameter (leave blank in case of whole request body)
  • Response Parameter (leave blank in case of whole response body)
  • Characters separated with a space for obfuscation on request/response (in case of obfuscation)
  • URL/Host of the target to decrypt/encrypt request and response
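The transformation these inputs drive, as an added Node.js example that is not AES-Killer's own code: it decrypts or re-encrypts one request parameter, or the whole body when the parameter is left blank. It assumes Base64-encoded ciphertext and a form-encoded body; the function names and the key/IV values are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample values (not from any real app): 16-byte key and IV, Base64-encoded.
const KEY_B64 = Buffer.from('0123456789abcdef').toString('base64');
const IV_B64 = Buffer.from('fedcba9876543210').toString('base64');

// Java's AES/CBC/PKCS5Padding corresponds to aes-{128,192,256}-cbc with Node's default padding.
function cipherName(key) {
  if (![16, 24, 32].includes(key.length)) throw new Error('AES key must be 16, 24 or 32 bytes');
  return `aes-${key.length * 8}-cbc`;
}

// Encrypt a UTF-8 string and return Base64 ciphertext (Base64 on the wire is an assumption).
function encryptValue(plain, keyB64, ivB64) {
  const key = Buffer.from(keyB64, 'base64');
  const c = crypto.createCipheriv(cipherName(key), key, Buffer.from(ivB64, 'base64'));
  return Buffer.concat([c.update(plain, 'utf8'), c.final()]).toString('base64');
}

// Decrypt Base64 ciphertext back to a UTF-8 string; final() throws on invalid padding.
function decryptValue(cipherB64, keyB64, ivB64) {
  const key = Buffer.from(keyB64, 'base64');
  const d = crypto.createDecipheriv(cipherName(key), key, Buffer.from(ivB64, 'base64'));
  return Buffer.concat([d.update(Buffer.from(cipherB64, 'base64')), d.final()]).toString('utf8');
}

// Apply fn to one form parameter, or to the whole body when param is left blank.
function transformBody(body, param, fn) {
  if (!param) return fn(body);
  const form = new URLSearchParams(body);
  if (!form.has(param)) return body; // parameter absent: pass the body through unchanged
  form.set(param, fn(form.get(param)));
  return form.toString();
}

// Constructed request body: what the proxy view shows versus what travels on the wire.
const plainBody = new URLSearchParams({ session: 'abc', data: '{"user":"alice","amount":10}' }).toString();
const wireBody = transformBody(plainBody, 'data', (v) => encryptValue(v, KEY_B64, IV_B64));
const viewBody = transformBody(wireBody, 'data', (v) => decryptValue(v, KEY_B64, IV_B64));
console.log({ wireBody, viewBody });
```

Because the key and IV are fixed, equal plaintexts always produce equal ciphertexts, which is why a single extracted pair is enough to read every message.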

How to Install

Download the jar file from Release and add it in Burp Suite.

Original Request/Response

Getting AES Encryption Key and IV

  • First set up the Frida server on the iOS and Android device.
  • Launch the application on the mobile device.
  • Run this Frida script on your host machine to get the AES encryption key and IV.

Decrypt Request/Response

  • Provide SecretSpecKey under the Secret Key field
  • Provide IV under the Initialize Vector field
  • Provide Host/URL to filter request and response for encryption and decryption
  • Press Start AES Killer
