Burpsuite Plugin to decrypt AES Encrypted traffic on the fly

NOTE: Currently support AES/CBC/PKCS5Padding && AES/ECB/PKCS5Padding encryption/decryption.
AES_Killer-Parameters.java: Let's say if application enforcing encryption on few parameters in request and these parameters will change every time with respect to endpoint/request so all you need to do is as follow
- Add endpoints by adding this.endpoints.add("abc"); in registerExtenderCallbacks function
- Add parameters which will be encrypted in `String[][] parameters`
- Add rest of parameter in grant_type or make blank entry
and let the code do the magic for you.
AES_Killer_v3.0.java: This variant is generic and can deal with any type of request format i-e GET, POST(Form, JSON) with alternate parameters on different endpoints
- Clone the project and replace the BurpExtender.java with AES_Killer_v3.0.java code - Modify the endpoints and parameters of each request type in order as shown below - Update SecretKey and IV parameters and other required methods - Build the project and you are good to go

AES_Killer_v4.0.java: This variant is for Multi-Level encryption where application is encrypting few request parameters with one key and later on encrypting the whole request body with another key
- Clone the project and replace the BurpExtender.java with AES_Killer_v4.0.java code - Modify the endpoints and parameters as shown below - Update Secret Keys and other required methods - Build the project and add jar file to your extender

NOTE: These variants will not work for you directly due to nature of your request so might need little tweaking.
Download jar file from Release and add in burpsuite



Secret Key fieldInitialize Vector fieldStart AES Killer
Download Demo App from here
$ claude mcp add AES-Killer \
-- python -m otcore.mcp_server <graph>