f0ng / autodecoder Goto Github PK
View Code? Open in Web Editor NEWBurp插件,根据自定义来达到对数据包的处理(适用于加解密、爆破等),类似mitmproxy,不同点在于经过了burp中转,在自动加解密的基础上,不影响APP、网站加解密正常逻辑等。
Burp插件,根据自定义来达到对数据包的处理(适用于加解密、爆破等),类似mitmproxy,不同点在于经过了burp中转,在自动加解密的基础上,不影响APP、网站加解密正常逻辑等。
有的app是请求不加密但是返回使用的aes加密。这种只能用autodecoder的接口来编写。但是如果可以加入但自带的解密解密接口来说会比较方便希望作者可以将这个功能加入进去。另外如果作者能在自带加密解密中携带更多的加密算法比rsa等。还有aes常用的模式会更加方便的工具很不错。
场景是请求的header里有sign字段,每次对这个字段的值进行加密,有进行加密的http接口,目前这个项目支持吗
鉴赏链接:
https://blog.csdn.net/jtsqrj/article/details/124429182
https://blog.csdn.net/jtsqrj/article/details/124242654
大大佬,建议添加请求头中有关键字的时候触发脚本处理以及响应包也把头部字段返回来处理的功能呢,有时候会用的到😅
有些情况下加密的参数在get请求中传递,插件有支持这种类似的加解密吗?
The car was really nice and useful. This plugin really works great. Can you add English language support so that more people can use it?
在历史抓包记录里正常解密没有问题
问题就出现在这里 返回包是错误的 我查看了我写的接口记录
按理说他那个databody应该是加密前的数据也就是{"sac001":"0","ack001":"2c928ab58acbad7a018b3b6210183399","classPId":"WP00000103","state":"7","pageIndex":1,"pageSize":3}
但是他现在还是加密的数据 导致在发包的时候又进行了一次加密 我不知道是扫描原因
下面是我的js脚本
var http = require('http');
const url = require('url');
const querystring = require('querystring');
var CryptoJS = require("crypto-js");
const key = CryptoJS.PBKDF2('D0so6K', CryptoJS.enc.Hex.parse('40b92f21b7356c04b79fbe18c10752cb'), {
keySize: 4,
iterations: 1000
});
const iv = CryptoJS.enc.Hex.parse('6a83227ace94510ca9b77878a2d0c6da');
function Encrypt(word) {
var srcs = CryptoJS.enc.Utf8.parse(word);
var encrypted = CryptoJS.AES.encrypt(srcs, key, {iv:iv});
return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}
function Decrypt(word) {
var decrypt = CryptoJS.AES.decrypt(word, key, { iv:iv});
return decrypt.toString(CryptoJS.enc.Utf8);
}
http.createServer(function (req, res) {
let path = url.parse(req.url);
let postparms = '';
if (path.pathname === '/encode') {
console.log("encode路由");
req.on('data', (parms) => {
postparms += parms;
});
req.on('end', () => {
postparms = querystring.parse(postparms);
console.log(postparms);
let dataBody = postparms.dataBody;
let Data = Encrypt(dataBody);
console.log(Data);
res.end(Data);
})
} else if (path.pathname === '/decode') {
console.log("decode路由")
req.on('data', (parms) => {
postparms += parms;
})
req.on('end', () => {
postparms = querystring.parse(postparms);
let dataBody = postparms.dataBody.replace(/^"|"$/g, '');
console.log(dataBody);
let decryptData = Decrypt(dataBody); // 解密,默认输出 utf8 字符串,默认使用 pkcs#7 填充(传 pkcs#5 也会走 pkcs#7 填充)
// decryptData = Buffer.from(decryptData) // console.log(decryptData) // decryptData = decryptData.toString('utf-8')
console.log(decryptData);
res.end( decryptData );
})
} else{
res.write("end");
res.end()
}
}).listen(8888);
比如在repeater中,我直接输入明文,点击send的时候插件自动将明文加密后发送
就不惯着你,40来岁连人都做不明白,跳梁小丑除了急你还有点啥?恼羞成怒啦,你该反省的是你为什么能一边用着开源的东西一边骂原作者,且是别人已经给你解决的思路的前提下,你真没脑子啊,饭嘴边要喂你吃,你是他儿子?给你惯的,《甲方你王哥》?
Originally posted by @n1ko61 in #18 (comment)
徐培宸你也就这点素质了,围观的看看,开源作者小号开始骂街了,这个帖子真是开对了,谁素质差不用我说了吧
> > 有这个闲工夫劝你多搞搞技术,自己被踢了怨不得别人,四十多岁人了,搞这些花里胡哨的 <img alt="image" width="929" src="https://user-images.githubusercontent.com/48286013/260197514-966e58ac-d9b4-4450-91cb-19b821fd8a76.png">
- 徐培宸,善待用你工具的每个人,你闲工夫多也没见你多说一句给你的爱好者
- 短信是让你来看GitHub,你以为不能做其他事吗
够胆查不够胆发?别装那个大逼斗了,小心把自己反噬了,问问题别人给你办法你不用,你是一点脑子没有啊?反过来威胁谁呢,几把给你能的,那么能咋开个小号灰溜溜的来底下评论呢,人品败坏
Originally posted by @n1ko61 in #18 (comment)
徐培宸,这是你的小号?,你也不看看我的名字,小号是你相当就能当的?小学拼音白学了
加密的部分可以解密出来但是整个请求发送的时候就会出现解密错误
提个小小需求,直接内置到蚁剑插件里,方便我们jb小子上手hhh
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.