MCPcopy Index your code
hub / github.com/Ebryx/AES-Killer

github.com/Ebryx/AES-Killer @v4.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v4.0 ↗ · + Follow
37 symbols 95 edges 2 files 3 documented · 8%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

AES Killer (Burpsuite Plugin)

Open Source Love GitHub version Open Source Love

Burpsuite Plugin to decrypt AES Encrypted traffic on the fly

Requirements

  • Burpsuite
  • Java

Tested on

  • Burpsuite 2021.4
  • Windows 10
  • Ubuntu & PopOS

What it does

  • The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses.
  • Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.

NOTE: Currently support AES/CBC/PKCS5Padding && AES/ECB/PKCS5Padding encryption/decryption.

How it works

  • Require AES Encryption Key (Can be obtained by using frida script or reversing mobile app)
  • Require AES Encryption Initialize Vector (Can be obtained by using frida script or reversing mobile app)
  • Request Parameter (Leave blank in case of whole request body)
  • Response Parameter (Leave blank in case of whole response body)
  • Character Separated with space for obfuscation on request/response (In case of Offuscation)
  • URL/Host of target to decrypt/encrypt request and response

Variants

AES_Killer-Parameters.java: Let's say if application enforcing encryption on few parameters in request and these parameters will change every time with respect to endpoint/request so all you need to do is as follow

- Add endpoints by adding this.endpoints.add("abc"); in registerExtenderCallbacks function
- Add parameters which will be encrypted in `String[][] parameters`
- Add rest of parameter in grant_type or make blank entry

and let the code do the magic for you.

  • AES_Killer_v3.0 a generic variant for alternate parameters on different endpoints with GET, POST (JSON, Form) support AES_Killer_v3.0.java

AES_Killer_v3.0.java: This variant is generic and can deal with any type of request format i-e GET, POST(Form, JSON) with alternate parameters on different endpoints

- Clone the project and replace the BurpExtender.java with AES_Killer_v3.0.java code
- Modify the endpoints and parameters of each request type in order as shown below
- Update SecretKey and IV parameters and other required methods
- Build the project and you are good to go

AES_Killer_v4.0.java: This variant is for Multi-Level encryption where application is encrypting few request parameters with one key and later on encrypting the whole request body with another key

- Clone the project and replace the BurpExtender.java with AES_Killer_v4.0.java code
- Modify the endpoints and parameters as shown below
- Update Secret Keys and other required methods
- Build the project and add jar file to your extender

NOTE: These variants will not work for you directly due to nature of your request so might need little tweaking.

How to Install

Download jar file from Release and add in burpsuite

Original Request/Response

Getting AES Encryption Key and IV

  • First setup frida server on IOS and Android device.
  • Launch Application on mobile device.
  • Run this frida script on your host machine to get AES Encryption Key and IV.

Decrypt Request/Response

  • Provide SecretSpecKey under Secret Key field
  • Provide IV under Initialize Vector field
  • Provide Host/URL to filter request and response for encryption and decryption
  • Press Start AES Killer

Download Demo App from here

Core symbols most depended-on inside this repo

print_output
called by 13
src/main/java/burp/BurpExtender.java
is_string_empty
called by 9
src/main/java/burp/AES_Killer.java
do_encrypt
called by 8
src/main/java/burp/BurpExtender.java
do_decrypt
called by 6
src/main/java/burp/BurpExtender.java
get_host
called by 4
src/main/java/burp/BurpExtender.java
update_req_params_json
called by 4
src/main/java/burp/BurpExtender.java
print_error
called by 3
src/main/java/burp/BurpExtender.java
validate_secret_key
called by 3
src/main/java/burp/AES_Killer.java

Shape

Method 35
Class 2

Languages

Java100%

Modules by API surface

src/main/java/burp/AES_Killer.java20 symbols
src/main/java/burp/BurpExtender.java17 symbols

For agents

$ claude mcp add AES-Killer \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact