Skip to content

jas502n/Burp_AES_Plugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
AESDecode
AESDecode
 
 
README.md
README.md
 
 
key.png
key.png
 
 
success.png
success.png
 
 
target.png
target.png
 
 

Repository files navigation

Burpsuite Plugin For AES Crack

0x00 mvn install to get jar

git clone https://github.com/jas502n/Burp_AES_Plugin/

cd ~/github/Burp_AES_Plugin/AESDecode

vi src/main/java/burp/BurpExtender.java

mvn install

[INFO] --- maven-install-plugin:2.4:install (default-install) @ AESCrack ---
[INFO] Installing /root/github/Burp_AES_Plugin/AESDecode/target/AESCrack-1.0-SNAPSHOT.jar to /root/.m2/repository/com/jas502n/AESCrack/1.0-SNAPSHOT/AESCrack-1.0-SNAPSHOT.jar
[INFO] Installing /root/github/Burp_AES_Plugin/AESDecode/pom.xml to /root/.m2/repository/com/jas502n/AESCrack/1.0-SNAPSHOT/AESCrack-1.0-SNAPSHOT.pom
[INFO] Installing /root/github/Burp_AES_Plugin/AESDecode/target/AESCrack-1.0-SNAPSHOT-jar-with-dependencies.jar to /root/.m2/repository/com/jas502n/AESCrack/1.0-SNAPSHOT/AESCrack-1.0-SNAPSHOT-jar-with-dependencies.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  3.627 s
[INFO] Finished at: 2020-06-18T00:17:09+08:00
[INFO] ------------------------------------------------------------------------

0x01 最近遇到挺多网站前端用的 aes 加密登录,就想弄一个 Burpsuite AES 加密爆破插件

0x02 查阅资料,造轮子

如何编写自己的Burp Suite插件 https://t0data.gitbooks.io/burpsuite/content/chapter16.html

开发BurpSuite扩展爆破某平台 https://gorgias.me/2017/03/29/%E5%BC%80%E5%8F%91BurpSuite%E6%89%A9%E5%B1%95%E7%88%86%E7%A0%B4%E6%9F%90%E5%B9%B3%E5%8F%B0/

Burpsuite API Javadoc https://portswigger.net/burp/extender/api/

CoolCat 写的 AesDecode插件,支持菜单页面加密与解密,爆破 https://github.com/TheKingOfDuck/ https://blog.gzsec.org/archives/

c0ny1 的jsEncrypter https://github.com/c0ny1/jsEncrypter

0x03 idea 新建 mvn 项目,pom.xml 中添加依赖

    <dependencies>
        <!-- https://mvnrepository.com/artifact/net.portswigger.burp.extender/burp-extender-api -->
        <dependency>
            <groupId>net.portswigger.burp.extender</groupId>
            <artifactId>burp-extender-api</artifactId>
            <version>1.7.22</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-assembly-plugin</artifactId>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals>
                            <goal>single</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <descriptorRefs>
                        <descriptorRef>jar-with-dependencies</descriptorRef>
                    </descriptorRefs>
                </configuration>
            </plugin>
        </plugins>
    </build>

0x04 新建包名 burp, java 类 BurpExtender,实现 AES 加密方法

IBurpExtender 官方必须要implements

IIntruderPayloadProcessor 由于我们要用到Intruder的爆破功能即可,所以需要implements

public class BurpExtender implements IBurpExtender, IIntruderPayloadProcessor {
    private static IExtensionHelpers helpers;
    public final static String extensionName = "AESCrack"; // 插件名称
    public final static String version = "1.0";
    public final static String AES_IV = "1234567812345678"; // 设置 AES IV 值
    public final static String AES_KEY = "key12345key67890"; // 设置 AES KEY 值
encryptAES (设置 AES iv 值)
    public static String encryptAES(String paramString1, String paramString2)
            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, UnsupportedEncodingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        SecretKeySpec key = new SecretKeySpec(paramString2.getBytes(), "AES");
        IvParameterSpec iv = new IvParameterSpec("your-iv-value".getBytes()); //set iv
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(1, key, iv);
        return helpers.base64Encode(cipher.doFinal(paramString1.getBytes()));
    }

processPayload 方法 (设置 AES KEY)

    public byte[] processPayload(byte[] currentPayload, byte[] originalPayload, byte[] baseValue) {
        String dataParameter = helpers.bytesToString(currentPayload);
        String AesEncodeStr = null;
        try {
            AesEncodeStr = encryptAES(dataParameter, "your-aes-key"); //set aes key
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        }
        return helpers.stringToBytes(AesEncodeStr);
    }

0x05 idea mvn 编译

Intellij-idea 如何编译maven工程 https://blog.csdn.net/u013044029/article/details/71681891

编译运行成功,在 target 目录,得到 aes.jar 文件

一个没有依赖(文件小) AESCrack-1.0-SNAPSHOT.jar 一个有依赖(文件大) AESCrack-1.0-SNAPSHOT-jar-with-dependencies.jar

Burpsuite 加载插件时,使用没有依赖的就行了 AESCrack-1.0-SNAPSHOT.jar

0x06 AES 爆破效果

About

Burpsuite Plugin For AES Crack

Resources

Readme
Activity

Stars

37 stars

Watchers

4 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages