Burp plugin to decrypt AES Encrypted traffic of mobile apps
Requirements
- Burpsuite
- Java
Tested on
- Burpsuite 1.7.36
- Windows 10
- xubuntu 18.04
- Kali Linux 2018
What it does
- Decrypt AES Encrypted traffic on proxy tab
- Decrypt AES Encrypted traffic on proxy, scanner, repeater and intruder
NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption
How it works
- Require AES Encryption Key (Can be obtained by reversing mobile app)
- Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)
- Request Parameter (Leave blank in case of whole request body)
- Response Parameter (Leave blank in case of whole response body)
- Character Separated with space for obfuscation on request/response
- URL/Host of target to filter request and response
How to Install
Download jar file from Release and add in burpsuite
Original Request/Response
Decrypted Request/Response