{"id":13389516,"url":"https://github.com/c0ny1/jsEncrypter","last_synced_at":"2025-03-13T14:31:26.688Z","repository":{"id":43175355,"uuid":"114464776","full_name":"c0ny1/jsEncrypter","owner":"c0ny1","description":"一个用于前端加密Fuzz的Burp Suite插件","archived":false,"fork":false,"pushed_at":"2020-03-06T08:35:43.000Z","size":4825,"stargazers_count":1028,"open_issues_count":9,"forks_count":128,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-03-12T18:08:55.633Z","etag":null,"topics":["burpsuite-extender","fuzz-testing"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/c0ny1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-16T13:57:46.000Z","updated_at":"2025-03-10T18:01:18.000Z","dependencies_parsed_at":"2022-07-10T03:31:45.125Z","dependency_job_id":null,"html_url":"https://github.com/c0ny1/jsEncrypter","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FjsEncrypter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FjsEncrypter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FjsEncrypter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c0ny1%2FjsEncrypter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/c0ny1","download_url":"https://codeload.github.com/c0ny1/jsEncrypter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243422474,"owners_count":20288465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burpsuite-extender","fuzz-testing"],"created_at":"2024-07-30T13:01:15.886Z","updated_at":"2025-03-13T14:31:26.664Z","avatar_url":"https://github.com/c0ny1.png","language":"Java","readme":"\u003ch1 align=\"center\"\u003ejsEncrypter | 前端加密Fuzz插件\u003c/h1\u003e\r\n\r\n\u003cp align=\"center\"\u003e\r\n  \u003cimg title=\"portainer\" src='https://img.shields.io/badge/version-0.3.2-brightgreen.svg' /\u003e\r\n  \u003cimg title=\"portainer\" src='https://img.shields.io/badge/java-1.7.*-yellow.svg' /\u003e\r\n  \u003cimg title=\"portainer\" src='https://img.shields.io/badge/license-MIT-red.svg' /\u003e\r\n\u003c/p\u003e\r\n\r\n\r\n## 0x01 插件简介\r\n\r\n本插件使用`phantomjs`启动前端加密函数对数据进行加密，方便对加密数据输入点进行fuzz，比如可以使用于前端加密传输爆破等场景。\r\n\r\n![界面](./doc/tab.png)\r\n\r\n## 0x02 插件编译\r\n\r\n安装好maven，然后执行以下命令即可编译成功：\r\n\r\n```\r\nmvn package\r\n```\r\n\r\n## 0x03 插件使用\r\n#### 3.1 运行靶机\r\n项目提供了一个用php编写的靶机（jsEncrypter/server）,靶机提供了7个算法对密码进行加密后传输，后台解密，最后进行密码匹配。\r\n\r\n* base64\r\n* md5\r\n* sha1\r\n* sha254\r\n* sha384\r\n* sha512\r\n* RSA\r\n\r\n![靶机](./doc/server.png)\r\n\r\n#### 3.2 编写phantomJS运行脚本\r\n\r\n`jsEncrypter/js/jsEncrypter_base.js`为插件phantomJS脚本模板。我们只需要将实现加密算法的js文件引入模板脚本，并在模板脚本的js_encrypt函数体中完成对加密函数的调用。\r\n\r\n````\r\n...\r\n/* 1.在这引入实现加密所有js文件,注意引入顺序和网页一致 */\r\nloadScript(\"script-1.js\");\r\nloadScript(\"script-2.js\");\r\nloadScript(\"script-n.js\");\r\n/**********************************************/\r\n\r\n...\r\n\r\nfunction jsEncrypt(burp_payload){\r\n\tvar new_payload;\r\n\t/* 2.在这里编写调用加密函数进行加密的代码,并把结果赋值给new_payload */\r\n\r\n\t/*********************************************************/\r\n\treturn new_payload;\r\n}\r\n...\r\n````\r\n\r\n项目jsEncrypter/server/TestScript目录下是编写好的对应靶机各个加密算法的phantomJS脚本，可以参考！\r\n\r\n#### 3.3 运行phantomJS并测试\r\n运行phantomJS\r\n\r\n```\r\n\u003ephantomJS.exe jsEncrypter_sha1.js \r\n```\r\n\r\n测试的目的是为了确保我们编写的phantomJS脚本能够正常加密payload。\r\n\r\n![运行phantomJS并测试](./doc/test.gif)\r\n\r\n#### 3.4 抓包暴力破解\r\n![抓包暴力破解](./doc/crack.gif)\r\n\r\n## 0x04 相关文章\r\n* [编写加密传输爆破插件jsEncrypter](http://gv7.me/articles/2017/jsEncrypter/)\r\n* [快速定位前端加密方法](http://gv7.me/articles/2018/fast-locate-the-front-end-encryption-method/)\r\n* [解决jsEncrypter脚本错误代码不报错问题](http://gv7.me/articles/2018/solve-jsEncrypter-script-error-code-is-not-wrong/)\r\n* [jsEncrypter的Node.js版server脚本](http://gv7.me/articles/2018/jsEncrypter-nodejs-server-script/)","funding_links":[],"categories":["Java","Java (504)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc0ny1%2FjsEncrypter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fc0ny1%2FjsEncrypter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fc0ny1%2FjsEncrypter/lists"}