Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jas502n/Burp_AES_Plugin

Burpsuite Plugin For AES Crack
https://github.com/jas502n/Burp_AES_Plugin

Last synced: 21 days ago
JSON representation

Burpsuite Plugin For AES Crack

Host: GitHub
URL: https://github.com/jas502n/Burp_AES_Plugin
Owner: jas502n
Created: 2020-06-17T13:31:40.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-06-17T17:15:45.000Z (over 4 years ago)
Last Synced: 2024-08-05T17:37:06.282Z (4 months ago)
Language: Java
Size: 1.04 MB
Stars: 38
Watchers: 4
Forks: 8
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - jas502n/Burp_AES_Plugin - Burpsuite Plugin For AES Crack (Java)

README

        # Burpsuite Plugin For AES Crack

## 0x00 mvn install to get jar

`git clone https://github.com/jas502n/Burp_AES_Plugin/`

`cd ~/github/Burp_AES_Plugin/AESDecode`

`vi src/main/java/burp/BurpExtender.java`

`mvn install`

```

[INFO] --- maven-install-plugin:2.4:install (default-install) @ AESCrack ---

[INFO] Installing /root/github/Burp_AES_Plugin/AESDecode/target/AESCrack-1.0-SNAPSHOT.jar to /root/.m2/repository/com/jas502n/AESCrack/1.0-SNAPSHOT/AESCrack-1.0-SNAPSHOT.jar

[INFO] Installing /root/github/Burp_AES_Plugin/AESDecode/pom.xml to /root/.m2/repository/com/jas502n/AESCrack/1.0-SNAPSHOT/AESCrack-1.0-SNAPSHOT.pom

[INFO] Installing /root/github/Burp_AES_Plugin/AESDecode/target/AESCrack-1.0-SNAPSHOT-jar-with-dependencies.jar to /root/.m2/repository/com/jas502n/AESCrack/1.0-SNAPSHOT/AESCrack-1.0-SNAPSHOT-jar-with-dependencies.jar

[INFO] ------------------------------------------------------------------------

[INFO] BUILD SUCCESS

[INFO] ------------------------------------------------------------------------

[INFO] Total time:  3.627 s

[INFO] Finished at: 2020-06-18T00:17:09+08:00

[INFO] ------------------------------------------------------------------------

```

## 0x01 最近遇到挺多网站前端用的 aes 加密登录,就想弄一个 Burpsuite AES 加密爆破插件

![](./key.png)

## 0x02 查阅资料,造轮子

如何编写自己的Burp Suite插件

https://t0data.gitbooks.io/burpsuite/content/chapter16.html

开发BurpSuite扩展爆破某平台

https://gorgias.me/2017/03/29/%E5%BC%80%E5%8F%91BurpSuite%E6%89%A9%E5%B1%95%E7%88%86%E7%A0%B4%E6%9F%90%E5%B9%B3%E5%8F%B0/

Burpsuite API Javadoc

https://portswigger.net/burp/extender/api/

CoolCat 写的 AesDecode插件,支持菜单页面加密与解密,爆破

https://github.com/TheKingOfDuck/

https://blog.gzsec.org/archives/

c0ny1 的jsEncrypter

https://github.com/c0ny1/jsEncrypter

## 0x03 idea 新建 mvn 项目,pom.xml 中添加依赖

```

    

        

        

            net.portswigger.burp.extender

            burp-extender-api

            1.7.22

        

    

```

```

    

        

            

                org.apache.maven.plugins

                maven-assembly-plugin

                

                    

                        package

                        

                            single

                        

                    

                

                

                    

                        jar-with-dependencies

                    

                

            

        

    

```

## 0x04 新建包名 burp, java 类 BurpExtender,实现 AES 加密方法

IBurpExtender  官方必须要implements

IIntruderPayloadProcessor 由于我们要用到Intruder的爆破功能即可,所以需要implements

```

public class BurpExtender implements IBurpExtender, IIntruderPayloadProcessor {

    private static IExtensionHelpers helpers;

    public final static String extensionName = "AESCrack"; // 插件名称

    public final static String version = "1.0";

    public final static String AES_IV = "1234567812345678"; // 设置 AES IV 值

    public final static String AES_KEY = "key12345key67890"; // 设置 AES KEY 值

```

##### encryptAES (设置  AES iv 值)

```

    public static String encryptAES(String paramString1, String paramString2)

            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, UnsupportedEncodingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {

        SecretKeySpec key = new SecretKeySpec(paramString2.getBytes(), "AES");

        IvParameterSpec iv = new IvParameterSpec("your-iv-value".getBytes()); //set iv

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

        cipher.init(1, key, iv);

        return helpers.base64Encode(cipher.doFinal(paramString1.getBytes()));

    }

```

processPayload 方法 (设置 AES KEY)

```

    public byte[] processPayload(byte[] currentPayload, byte[] originalPayload, byte[] baseValue) {

        String dataParameter = helpers.bytesToString(currentPayload);

        String AesEncodeStr = null;

        try {

            AesEncodeStr = encryptAES(dataParameter, "your-aes-key"); //set aes key

        } catch (InvalidKeyException e) {

            e.printStackTrace();

        } catch (NoSuchAlgorithmException e) {

            e.printStackTrace();

        } catch (NoSuchPaddingException e) {

            e.printStackTrace();

        } catch (UnsupportedEncodingException e) {

            e.printStackTrace();

        } catch (InvalidAlgorithmParameterException e) {

            e.printStackTrace();

        } catch (IllegalBlockSizeException e) {

            e.printStackTrace();

        } catch (BadPaddingException e) {

            e.printStackTrace();

        }

        return helpers.stringToBytes(AesEncodeStr);

    }

```

## 0x05 idea mvn 编译

Intellij-idea 如何编译maven工程

https://blog.csdn.net/u013044029/article/details/71681891

编译运行成功,在 target 目录,得到 aes.jar 文件

一个没有依赖(文件小) `AESCrack-1.0-SNAPSHOT.jar`

一个有依赖(文件大) `AESCrack-1.0-SNAPSHOT-jar-with-dependencies.jar`

Burpsuite 加载插件时,使用没有依赖的就行了 `AESCrack-1.0-SNAPSHOT.jar`

![](./target.png)

## 0x06 AES 爆破效果

![](success.png)