AES-Killer - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps


Burpsuite Plugin to decrypt AES Encrypted mobile app traffic.

Requirements
  • Burpsuite
  • Java

Tested on
  • Burpsuite 1.7.36
  • Windows 10
  • xubuntu 18.04
  • Kali Linux 2018

What it does
  • Decrypt AES Encrypted traffic on proxy tab
  • Decrypt AES Encrypted traffic on proxy, scanner, repeater and intruder

How it works
  • Require AES Encryption Key (Can be obtained by reversing mobile app)
  • Require AES Encryption Initialize Vector (Can be obtained by reversing mobile app)
  • Request Parameter (Leave blank in case of whole request body)
  • Response Parameter (Leave blank in case of whole response body)
  • Character Separated with space for obfuscation on request/response
  • URL/Host of target to filter request and response

How to Install
Download jar file from Release and add in burpsuite


Original Request/Response


Decrypted Request/Response



AES-Killer - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps AES-Killer - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps Reviewed by Lydecker Black on 9:27 AM Rating: 5