├── .gitignore
├── settings.gradle
├── BappManifest.bmf
├── BappDescription.html
├── LICENSE
├── gradlew.bat
├── gradlew
├── README.md
└── src
└── main
└── java
└── burp
├── BurpExtender.java
├── AES_Killer.java
└── AES_Killer.form
/.gitignore:
--------------------------------------------------------------------------------
1 | .gradle/
2 | .idea/
3 | build/
4 | gradle/
5 |
--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
1 | rootProject.name = 'AES_Killer'
2 |
3 |
--------------------------------------------------------------------------------
/BappManifest.bmf:
--------------------------------------------------------------------------------
1 | Uuid: e5f0d9ecba1d4d2c96180ea2717e3cc1
2 | ExtensionType: 1
3 | Name: AES Killer, decrypt AES traffic on the fly
4 | RepoName: aes-killer
5 | ScreenVersion: 4.0
6 | SerialVersion: 2
7 | MinPlatformVersion: 0
8 | ProOnly: False
9 | Author: Abdul Wahab
10 | ShortDescription: Decrypt AES traffic on the fly
11 | EntryPoint: build/libs/AES_Killer-4.0.jar
12 | BuildCommand: gradle clean build
13 |
--------------------------------------------------------------------------------
/BappDescription.html:
--------------------------------------------------------------------------------
1 |
What it does
2 |
3 | - The IProxyListener decrypts requests and encrypts responses, and the IHttpListener then encrypts requests and decrypts responses.
4 | - Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.
5 |
6 |
7 | NOTE: Currently supports AES/CBC/PKCS5Padding and AES/ECB/PKCS5Padding encryption/decryption.
8 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2018 Ebryx, LLC
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
1 | @rem
2 | @rem Copyright 2015 the original author or authors.
3 | @rem
4 | @rem Licensed under the Apache License, Version 2.0 (the "License");
5 | @rem you may not use this file except in compliance with the License.
6 | @rem You may obtain a copy of the License at
7 | @rem
8 | @rem https://www.apache.org/licenses/LICENSE-2.0
9 | @rem
10 | @rem Unless required by applicable law or agreed to in writing, software
11 | @rem distributed under the License is distributed on an "AS IS" BASIS,
12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | @rem See the License for the specific language governing permissions and
14 | @rem limitations under the License.
15 | @rem
16 |
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################

@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal

@rem APP_HOME is derived from the location of this script (%~dp0), not from the
@rem current working directory.
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%

@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi

@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"

@rem Find java.exe
@rem JAVA_HOME wins when it is defined; otherwise a bare "java.exe" is probed
@rem and later executed through the shell's normal command lookup.
if defined JAVA_HOME goto findJavaFromJavaHome

set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto execute

echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.

goto fail

:findJavaFromJavaHome
@rem Strip any double quotes from JAVA_HOME before building the path.
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe

if exist "%JAVA_EXE%" goto execute

echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.

goto fail

:execute
@rem Setup the command line

@rem The wrapper jar below is executed as-is; this script performs no checksum
@rem or signature check on it.
@rem NOTE(review): this repository's .gitignore lists "gradle/", so the jar may
@rem be absent from a fresh clone - confirm how it is meant to be provisioned.
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar


@rem Execute Gradle
@rem JAVA_OPTS and GRADLE_OPTS come from the caller's environment and are
@rem expanded unquoted into the java command line.
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*

:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd

:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1

:mainEnd
if "%OS%"=="Windows_NT" endlocal

:omega
90 |
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 |
3 | #
4 | # Copyright 2015 the original author or authors.
5 | #
6 | # Licensed under the Apache License, Version 2.0 (the "License");
7 | # you may not use this file except in compliance with the License.
8 | # You may obtain a copy of the License at
9 | #
10 | # https://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | # Unless required by applicable law or agreed to in writing, software
13 | # distributed under the License is distributed on an "AS IS" BASIS,
14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | # See the License for the specific language governing permissions and
16 | # limitations under the License.
17 | #
18 |
19 | ##############################################################################
20 | ##
21 | ## Gradle start up script for UN*X
22 | ##
23 | ##############################################################################
24 |
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
# Each pass parses the "-> target" part of `ls -ld` output and follows it
# until PRG is no longer a symlink.
while [ -h "$PRG" ] ; do
    ls=`ls -ld "$PRG"`
    link=`expr "$ls" : '.*-> \(.*\)$'`
    if expr "$link" : '/.*' > /dev/null; then
        PRG="$link"
    else
        PRG=`dirname "$PRG"`"/$link"
    fi
done
# APP_HOME becomes the physical directory of the resolved script; the caller's
# working directory is restored afterwards.
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null

APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`

# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
# The inner double quotes are kept literally here and only interpreted by the
# later `eval set --` line.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
51 |
# Print a warning message to standard output and continue.
warn () {
    echo "$*"
}

# Print a message surrounded by blank lines to standard output, then
# terminate the script with exit status 1.
die () {
    echo
    echo "$*"
    echo
    exit 1
}
62 |
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
  CYGWIN* )
    cygwin=true
    ;;
  Darwin* )
    darwin=true
    ;;
  MINGW* )
    msys=true
    ;;
  NONSTOP* )
    nonstop=true
    ;;
esac

# The wrapper jar named here is what the final `exec` runs; this script does
# not verify its checksum or signature.
# NOTE(review): this repository's .gitignore lists "gradle/", so the jar may be
# absent from a fresh clone - confirm how it is meant to be provisioned.
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar


# Determine the Java command to use to start the JVM.
# JAVA_HOME takes precedence when set; otherwise a bare "java" is used and the
# shell resolves it through PATH at exec time.
if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
        JAVACMD="$JAVA_HOME/jre/sh/java"
    else
        JAVACMD="$JAVA_HOME/bin/java"
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
    fi
else
    JAVACMD="java"
    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
107 |
# Increase the maximum file descriptors if we can.
# Skipped on Cygwin, Darwin and NonStop; failures only produce a warning.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
    MAX_FD_LIMIT=`ulimit -H -n`
    if [ $? -eq 0 ] ; then
        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
            MAX_FD="$MAX_FD_LIMIT"
        fi
        ulimit -n $MAX_FD
        if [ $? -ne 0 ] ; then
            warn "Could not set maximum file descriptor limit: $MAX_FD"
        fi
    else
        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
    fi
fi

# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi

# For Cygwin or MSYS, switch paths to Windows format before running java
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`

    JAVACMD=`cygpath --unix "$JAVACMD"`

    # We build the pattern for arguments to be converted via cygpath
    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
    SEP=""
    for dir in $ROOTDIRSRAW ; do
        ROOTDIRS="$ROOTDIRS$SEP$dir"
        SEP="|"
    done
    OURCYGPATTERN="(^($ROOTDIRS))"
    # Add a user-defined pattern to the cygpath arguments
    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
    fi
    # Now convert the arguments - kludge to limit ourselves to /bin/sh
    # Each argument is stored in a numbered variable (args0, args1, ...) through
    # `eval`, so the argument text passes through one extra round of shell
    # evaluation on this code path.
    i=0
    for arg in "$@" ; do
        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option

        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
        else
            eval `echo args$i`="\"$arg\""
        fi
        i=`expr $i + 1`
    done
    # Only the cases 0 through 9 are listed below; for any other count the
    # positional parameters are left as they were.
    case $i in
        0) set -- ;;
        1) set -- "$args0" ;;
        2) set -- "$args0" "$args1" ;;
        3) set -- "$args0" "$args1" "$args2" ;;
        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
    esac
fi
174 |
# Escape application args
# save() wraps every argument in single quotes (embedded single quotes are
# rewritten as '\'') so the list survives the `eval` below unchanged.
save () {
    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
    echo " "
}
APP_ARGS=`save "$@"`

# Collect all arguments for the java command, following the shell quoting and substitution rules
# DEFAULT_JVM_OPTS, JAVA_OPTS and GRADLE_OPTS are expanded unquoted inside
# `eval`, so their contents are interpreted as shell syntax. JAVA_OPTS and
# GRADLE_OPTS are taken from the caller's environment; only the application
# arguments go through save() first.
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"

# Replace this shell with the JVM running the wrapper jar from CLASSPATH.
exec "$JAVACMD" "$@"
186 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AES Killer (Burpsuite Plugin)
2 | [](https://github.com/ellerbrock/open-source-badge/)
3 | [](http://badge.fury.io/gh/boennemann%2Fbadges)
4 | [](https://github.com/ellerbrock/open-source-badge/)
5 |
6 | **Burpsuite Plugin to decrypt AES Encrypted traffic on the fly**
7 |
8 |
9 |
10 | ### Requirements
11 | - Burpsuite
12 |
13 | ### Tested on
14 | - Burpsuite 2021.4
15 | - Windows 10
16 | - Ubuntu & PopOS
17 |
18 | ### What it does
19 | - The IProxyListener decrypts requests and encrypts responses, and the IHttpListener then encrypts requests and decrypts responses.
20 | - Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.
21 |
22 | ***NOTE:*** Currently supports `AES/CBC/PKCS5Padding` and `AES/ECB/PKCS5Padding` encryption/decryption.
23 |
24 | ### How it works
25 | - Requires the **Secret Key** and **Initialize Vector**, which can be obtained by using aes-hook.js and frida-hook.py or by reversing the application (for iOS, please use Frida iOS Hook to get the AES Secret Key and IV)
26 | - A detailed usage guide can be found at AES Killer - Usage Guide
27 | - This article will help you in Decrypting Mobile App Traffic using AES Killer and Frida
28 |
29 | ### How to Build
30 | ```
31 | $ git clone https://github.com/Ebryx/AES-Killer/
32 | $ cd AES-Killer
33 | $ ./gradlew clean build
34 | ```
35 |
36 | ## Variants
37 | - AES_Killer for JSON request AES_Killer-JSON.java
38 | - AES_Killer for random/alternate Parameters on different endpoints AES_Killer-Parameters.java
39 |
40 | ***AES_Killer-Parameters.java:*** If the application enforces encryption on only a few request parameters, and those parameters change from one endpoint/request to another, all you need to do is the following:
41 |
42 | - Add endpoints by adding this.endpoints.add("abc"); in registerExtenderCallbacks function
43 | - Add parameters which will be encrypted in `String[][] parameters`
44 | - Add rest of parameter in grant_type or make blank entry
45 |
46 | and let the code do the magic for you.
47 |
48 | - AES_Killer_v3.0 a generic variant for alternate parameters on different endpoints with GET, POST (JSON, Form) support AES_Killer_v3.0.java
49 |
50 | ***AES_Killer_v3.0.java:*** This variant is generic and can deal with any request format, i.e. GET or POST (Form, JSON), with alternate parameters on different endpoints
51 |
52 | - Clone the project and replace the BurpExtender.java with AES_Killer_v3.0.java code
53 | - Modify the endpoints and parameters of each request type in order as shown below
54 | - Update SecretKey and IV parameters and other required methods
55 | - Build the project and you are good to go
56 |
57 |
58 |
59 |
60 |
61 | - AES_Killer_v4.0.java for multi-level encryption on request _(Support Form, JSON and XML formats)_
62 |
63 | ***AES_Killer_v4.0.java:*** This variant is for multi-level encryption, where the application encrypts a few request parameters with one key and later encrypts the whole request body with another key
64 |
65 | - Clone the project and replace the BurpExtender.java with AES_Killer_v4.0.java code
66 | - Modify the endpoints and parameters as shown below
67 | - Update Secret Keys and other required methods
68 | - Build the project and add jar file to your extender
69 |
70 |
71 |
72 |
73 | ***NOTE:*** These variants may not work for you as-is, because request formats differ between applications, so they might need a little tweaking.
74 |
75 | ### How to Install
76 | Download the jar file from Release and add it to Burpsuite
77 |
78 |
79 |
80 | ### Original Request/Response
81 |
82 |
83 | ### Getting AES Encryption Key and IV
84 | - First, set up the Frida server on the iOS or Android device.
85 | - Launch Application on mobile device.
86 | - Run aes-hook.js and frida-hook.py on your host machine to get AES Encryption Key and IV as shown in this post.
87 |
88 |
89 |
90 | ### Decrypt Request and Response
91 | - Provide SecretSpecKey under `Secret Key` field
92 | - Provide IV under `Initialize Vector` field
93 | - Provide Host/URL to filter request and response for encryption and decryption
94 | - Select appropriate Request and Response options
95 | - Press `Start AES Killer`
96 |
97 |
98 |
99 |
100 | ### AES Killer with Repeater, Intruder and Scanner
101 | Once we start AES Killer, it takes control of Burp's `IHttpListener.processHttpMessage`, which is responsible for handling all outgoing and incoming traffic, and AES Killer does the following:
102 |
103 | - Before sending the final request to a server, `ProcessHttpMessage` encrypts the request
104 | - Upon receiving a response, `ProcessHttpMessage` decrypts the response before showing it to us
105 |
106 | So we'll only be getting the Plain Text Response and can play with Plain Text request.
107 |
108 |
109 |
110 |
111 |
112 | ### Manual Encryption and Decryption
113 | We can also manually encrypt and decrypt strings using AES Killer. Let's take an encrypted string from the request `TYROd49FWJjYBfv02oiUzwRQgxWMWiw4W3oCqvNf8h3bnb7X0bobypFzMt797CYU` and decrypt it using AES Killer. Similarly, we can perform the encryption too.
114 |
115 |
116 |
117 |
118 | Download Demo App from here
119 |
--------------------------------------------------------------------------------
/src/main/java/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package burp;
7 |
8 | import java.awt.Component;
9 | import java.io.PrintWriter;
10 | import java.net.URL;
11 | import java.util.List;
12 | import javax.crypto.Cipher;
13 | import javax.crypto.spec.IvParameterSpec;
14 | import javax.crypto.spec.SecretKeySpec;
15 |
16 | /**
17 | *
18 | * @author n00b
19 | */
20 | public class BurpExtender implements IBurpExtender, ITab, IHttpListener, IProxyListener {
21 |
22 | public String ExtensionName = "AES Killer";
23 | public String TabName = "AES Killer";
24 | public String _Header = "AES: Killer";
25 | AES_Killer _aes_killer;
26 |
27 | public IBurpExtenderCallbacks callbacks;
28 | public IExtensionHelpers helpers;
29 | public PrintWriter stdout;
30 | public PrintWriter stderr;
31 | public Boolean isDebug = true;
32 | public Boolean isRunning = false;
33 |
34 | public Cipher cipher;
35 | public SecretKeySpec sec_key;
36 | public IvParameterSpec iv_param;
37 |
38 | public String _host;
39 | public String _enc_type;
40 | public String _secret_key;
41 | public String _iv_param;
42 | public String[] _req_param;
43 | public String[] _res_param;
44 |
45 | public String[] _obffusicatedChar;
46 | public String[] _replaceWithChar;
47 |
48 | public Boolean _exclude_iv = false;
49 | public Boolean _ignore_response = false;
50 | public Boolean _do_off = false;
51 | public Boolean _url_enc_dec = false;
52 | public Boolean _is_req_body = false;
53 | public Boolean _is_res_body = false;
54 | public Boolean _is_req_param = false;
55 | public Boolean _is_res_param = false;
56 | public Boolean _is_ovrr_req_body = false;
57 | public Boolean _is_ovrr_res_body = false;
58 | public Boolean _is_ovrr_req_body_form = false;
59 | public Boolean _is_ovrr_res_body_form = false;
60 | public Boolean _is_ovrr_req_body_json = false;
61 | public Boolean _is_ovrr_res_body_json = false;
62 |
63 |
/**
 * Burp entry point. Keeps the callback and helper handles, wraps Burp's
 * stdout/stderr streams in auto-flushing writers, sets the extension name,
 * builds the AES_Killer panel and adds this extension as a suite tab.
 * No HTTP or proxy listener is registered here; that happens in
 * {@link #start_aes_killer()}.
 *
 * @param callbacks callback object handed over by Burp
 */
@Override
public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
    final boolean autoFlush = true;

    this.callbacks = callbacks;
    helpers = callbacks.getHelpers();
    stdout = new PrintWriter(callbacks.getStdout(), autoFlush);
    stderr = new PrintWriter(callbacks.getStderr(), autoFlush);
    this.callbacks.setExtensionName(ExtensionName);

    // The panel receives this extender instance in its constructor.
    _aes_killer = new AES_Killer(this);
    this.callbacks.addSuiteTab(this);
    stdout.println("AES_Killer Installed !!!");
}
76 |
/**
 * Caption shown on the extension's tab.
 *
 * @return the current value of {@code TabName}
 */
@Override
public String getTabCaption() {
    String caption = TabName;
    return caption;
}
81 |
/**
 * UI component rendered inside the extension's tab.
 *
 * @return the AES_Killer panel created in registerExtenderCallbacks
 */
@Override
public Component getUiComponent() {
    Component panel = _aes_killer;
    return panel;
}
86 |
/**
 * Registers this object as both HTTP listener and proxy listener and marks
 * the extension as running. From this point the two process* callbacks are
 * invoked for traffic and may rewrite messages that pass the host filter.
 */
public void start_aes_killer(){
    IBurpExtenderCallbacks cb = this.callbacks;
    cb.registerHttpListener(this);
    cb.registerProxyListener(this);
    isRunning = true;
}
92 |
/**
 * Removes this object from Burp's HTTP and proxy listener lists and clears
 * the running flag.
 */
public void stop_aes_killer(){
    IBurpExtenderCallbacks cb = this.callbacks;
    cb.removeHttpListener(this);
    cb.removeProxyListener(this);
    isRunning = false;
}
98 |
/**
 * Writes "{@code _src :: str}" to the extension's stdout when debugging is on.
 * {@code isDebug} is initialised to true in this class and the process*
 * callbacks pass complete decrypted messages here, so plaintext traffic ends
 * up in the extension output unless the flag is turned off.
 *
 * @param _src short tag naming the caller
 * @param str  text to print
 */
private void print_output(String _src, String str){
    if (isDebug) {
        String line = _src + " :: " + str;
        this.stdout.println(line);
    }
}
103 |
/**
 * Writes "{@code _src :: str}" to the extension's stderr when debugging is on;
 * does nothing otherwise.
 *
 * @param _src short tag naming the caller
 * @param str  text to print (callers pass exception messages or the offending input)
 */
private void print_error(String _src, String str){
    if (isDebug) {
        String line = _src + " :: " + str;
        this.stderr.println(line);
    }
}
108 |
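/**
 * Extracts the host component from a URL string.
 *
 * If the string cannot be parsed, the input is logged through print_error
 * and returned unchanged, so callers then compare the raw string against
 * the configured host filter instead of a host name.
 *
 * @param _url URL text to parse
 * @return the host part of {@code _url}, or {@code _url} itself when parsing fails
 */
public String get_host(String _url){
    try{
        URL parsed = new URL(_url);
        return parsed.getHost();
    }catch (Exception ex){
        // The tag previously read "get_endpoint", which does not match this
        // method and made the log entry hard to trace.
        print_error("get_host", _url);
        return _url;
    }
}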
118 |
/**
 * Reverses the character substitution applied by do_0bff: every occurrence
 * of {@code _replaceWithChar[i]} is replaced by {@code _obffusicatedChar[i]},
 * pair by pair in ascending index order.
 *
 * Both arrays are read without a null or length check; they are assumed to
 * be populated with equal lengths before this is called (TODO confirm where
 * they are set, it is not in this part of the file).
 * NOTE(review): pairs are undone in the same order they are applied, which
 * is only a true inverse when the pairs do not overlap - confirm.
 *
 * @param _paramString text to restore; may be null
 * @return the restored text, or null when the input is null
 */
public String remove_0bff(String _paramString) {
    if (_paramString == null) {
        return _paramString;
    }
    String restored = _paramString;
    int idx = 0;
    while (idx < this._obffusicatedChar.length) {
        restored = restored.replace(this._replaceWithChar[idx], this._obffusicatedChar[idx]);
        idx++;
    }
    return restored;
}
128 |
/**
 * Applies the configured character substitution: every occurrence of
 * {@code _obffusicatedChar[i]} is replaced by {@code _replaceWithChar[i]},
 * pair by pair in ascending index order.
 *
 * Both arrays are read without a null or length check; they are assumed to
 * be populated with equal lengths before this is called (TODO confirm where
 * they are set, it is not in this part of the file).
 *
 * @param _paramString text to transform; may be null
 * @return the transformed text, or null when the input is null
 */
public String do_0bff(String _paramString) {
    if (_paramString == null) {
        return _paramString;
    }
    String substituted = _paramString;
    int idx = 0;
    while (idx < this._obffusicatedChar.length) {
        substituted = substituted.replace(this._obffusicatedChar[idx], this._replaceWithChar[idx]);
        idx++;
    }
    return substituted;
}
138 |
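/**
 * Decrypts a Base64-encoded ciphertext with the configured transformation
 * ({@code _enc_type}), key ({@code _secret_key}, Base64) and, unless
 * {@code _exclude_iv} is set, IV ({@code _iv_param}, Base64).
 *
 * Before Base64 decoding, the input is optionally URL-decoded
 * ({@code _url_enc_dec}) and de-obfuscated ({@code _do_off}).
 *
 * Failure behaviour: any exception is logged through print_error and the
 * method returns the input text instead of plaintext. If the failure occurs
 * after the URL-decode / de-obfuscation steps, the returned text is the
 * partially processed form, not the exact original. Callers cannot tell a
 * failed decryption from a successful one by the return value alone.
 *
 * The cipher objects are built in locals and used from there, so a
 * concurrent call cannot swap the Cipher between init and doFinal; the
 * public fields are still assigned for any code that reads them.
 *
 * @param _enc_str ciphertext as text
 * @return decrypted text, or the (possibly partially processed) input on failure
 */
public String do_decrypt(String _enc_str){
    try{
        Cipher localCipher = Cipher.getInstance(this._enc_type);
        this.cipher = localCipher;
        SecretKeySpec localKey = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES");
        this.sec_key = localKey;

        if (this._exclude_iv){
            localCipher.init(Cipher.DECRYPT_MODE, localKey);
        }
        else {
            IvParameterSpec localIv = new IvParameterSpec(this.helpers.base64Decode(this._iv_param));
            this.iv_param = localIv;
            localCipher.init(Cipher.DECRYPT_MODE, localKey, localIv);
        }

        if (this._url_enc_dec) { _enc_str = this.helpers.urlDecode(_enc_str); }
        if (this._do_off) { _enc_str = this.remove_0bff(_enc_str); }

        // NOTE(review): new String(byte[]) uses the platform default charset;
        // confirm the target application's plaintext encoding.
        _enc_str = new String (localCipher.doFinal(this.helpers.base64Decode(_enc_str)));
        return _enc_str;
    }catch(Exception ex){
        print_error("do_decrypt", ex.getMessage());
        return _enc_str;
    }
}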
162 |
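/**
 * Encrypts text with the configured transformation ({@code _enc_type}), key
 * ({@code _secret_key}, Base64) and, unless {@code _exclude_iv} is set, IV
 * ({@code _iv_param}, Base64), then Base64-encodes the result. The encoded
 * text is optionally obfuscated ({@code _do_off}) and URL-encoded
 * ({@code _url_enc_dec}), in that order.
 *
 * Failure behaviour: any exception is logged through print_error and the
 * method returns the plaintext it was given. Callers in this class place the
 * return value straight into the outgoing message, so a bad key, IV or
 * transformation results in the plaintext being forwarded rather than the
 * message being blocked.
 *
 * The cipher objects are built in locals and used from there, so a
 * concurrent call cannot swap the Cipher between init and doFinal; the
 * public fields are still assigned for any code that reads them.
 *
 * @param _dec_str plaintext to encrypt
 * @return encoded ciphertext, or the unchanged plaintext on failure
 */
public String do_encrypt(String _dec_str){
    try{
        Cipher localCipher = Cipher.getInstance(this._enc_type);
        this.cipher = localCipher;
        SecretKeySpec localKey = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES");
        this.sec_key = localKey;

        if (this._exclude_iv){
            localCipher.init(Cipher.ENCRYPT_MODE, localKey);
        }
        else {
            IvParameterSpec localIv = new IvParameterSpec(this.helpers.base64Decode(this._iv_param));
            this.iv_param = localIv;
            localCipher.init(Cipher.ENCRYPT_MODE, localKey, localIv);
        }

        // NOTE(review): getBytes() uses the platform default charset; confirm
        // the encoding the target application expects.
        _dec_str = new String (this.helpers.base64Encode(localCipher.doFinal(_dec_str.getBytes())));
        if (this._do_off) { _dec_str = this.do_0bff(_dec_str); }
        if (this._url_enc_dec) { _dec_str = this.helpers.urlEncode(_dec_str); }
        return _dec_str;
    }catch(Exception ex){
        // The tag previously read "do_decrypt", which attributed encryption
        // failures to the wrong method in the log.
        print_error("do_encrypt", ex.getMessage());
        return _dec_str;
    }
}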
185 |
186 |
/**
 * Encrypts or decrypts the values of the named parameters in a message and
 * rebuilds the message with the marker header ({@code _Header}) present.
 *
 * For each name in {@code _params}, in order:
 * - the parameter is looked up in the current message; missing parameters
 *   are skipped;
 * - its trimmed value is passed to do_encrypt or do_decrypt;
 * - if either body-override flag is set, the message is rebuilt with the
 *   transformed value as the whole body and returned at once, so later
 *   names are not processed;
 * - otherwise the parameter is replaced and the message is rebuilt from
 *   {@code headers} plus the current body.
 *
 * NOTE(review): the final rebuild uses the caller's header list, so a change
 * the helper made outside the body (for example to a URL parameter in the
 * request line) would not be carried over - confirm against the helper API.
 *
 * @param _request raw message bytes
 * @param headers  header list of the message; the marker header is appended if absent
 * @param _params  parameter names to process
 * @param _do_enc  true to encrypt values, false to decrypt them
 * @return the rewritten message bytes
 */
public byte[] update_req_params (byte[] _request, List headers, String[] _params, Boolean _do_enc){
    for (String paramName : _params) {
        IParameter current = this.helpers.getRequestParameter(_request, paramName);
        if (current == null || current.getName().toString().isEmpty()) {
            continue;
        }

        String rawValue = current.getValue().toString().trim();
        String transformed = _do_enc ? this.do_encrypt(rawValue) : this.do_decrypt(rawValue);

        // Body-override modes: the transformed value becomes the entire body.
        if (this._is_ovrr_req_body || this._is_ovrr_res_body) {
            if (!headers.contains(this._Header)) {
                headers.add(this._Header);
            }
            _request = this.helpers.buildHttpMessage(headers, transformed.getBytes());
            return _request;
        }

        IParameter replacement = this.helpers.buildParameter(paramName, transformed, current.getType());
        _request = this.helpers.removeParameter(_request, current);
        _request = this.helpers.addParameter(_request, replacement);
        if (!headers.contains(this._Header)) {
            headers.add(this._Header);
        }

        // Re-read the body offset after the parameter swap and rebuild.
        IRequestInfo refreshed = helpers.analyzeRequest(_request);
        String asText = new String(_request);
        String body = new String(asText.substring(refreshed.getBodyOffset())).trim();
        _request = this.helpers.buildHttpMessage(headers, body.getBytes());
    }
    return _request;
}
224 |
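/**
 * JSON variant of update_req_params: encrypts or decrypts the values of the
 * named parameters by splicing the new value into the body text.
 *
 * For each name in {@code _params}, in order:
 * - the parameter is looked up in the current message; missing parameters
 *   are skipped;
 * - its trimmed value is passed to do_encrypt or do_decrypt;
 * - if either body-override flag is set, the message is rebuilt with the
 *   transformed value as the whole body and returned at once;
 * - otherwise the value is located textually: the first occurrence of the
 *   name in the body, plus the name length, plus 3 characters, is taken as
 *   the start of the value, and the next double quote as its end.
 *
 * The "+ 3" assumes the name is followed by exactly {@code ":"} with no
 * whitespace, and the name search also matches the same text inside another
 * key or value. Bodies that do not fit are skipped when the computed offsets
 * fall outside the body; previously that case raised
 * StringIndexOutOfBoundsException out of the listener.
 * NOTE(review): a value containing an escaped quote is cut at that quote.
 *
 * Debug output includes the transformed value and both body fragments.
 *
 * @param _request raw message bytes
 * @param headers  header list of the message; the marker header is appended if absent
 * @param _params  parameter names to process
 * @param _do_enc  true to encrypt values, false to decrypt them
 * @return the rewritten message bytes
 */
public byte[] update_req_params_json(byte[] _request, List headers, String[] _params, Boolean _do_enc){
    for(int i=0; i< _params.length; i++){
        IParameter _p = this.helpers.getRequestParameter(_request, _params[i]);
        if (_p == null || _p.getName().toString().length() == 0){ continue; }

        String _str = "";
        if(_do_enc) {
            _str = this.do_encrypt(_p.getValue().toString().trim());
        }
        else {
            _str = this.do_decrypt(_p.getValue().toString().trim());
        }


        if(this._is_ovrr_req_body){
            if (!headers.contains(this._Header)) { headers.add(this._Header); }
            _request = this.helpers.buildHttpMessage(headers, _str.getBytes());
            return _request;
        }

        if(this._is_ovrr_res_body){
            if (!headers.contains(this._Header)) { headers.add(this._Header); }
            _request = this.helpers.buildHttpMessage(headers, _str.getBytes());
            return _request;
        }


        IRequestInfo reqInfo = helpers.analyzeRequest(_request);
        String tmpreq = new String(_request);
        String messageBody = new String(tmpreq.substring(reqInfo.getBodyOffset())).trim();

        int _fi = messageBody.indexOf(_params[i]);
        if(_fi < 0) { continue; }

        _fi = _fi + _params[i].length() + 3;
        // Name found too close to the end of the body: no value to replace.
        if(_fi > messageBody.length()) { continue; }

        int _si = messageBody.indexOf("\"", _fi);
        // No closing quote after the assumed value start: leave the body alone.
        if(_si < 0) { continue; }

        print_output("update_req_params_json", _str);
        print_output("update_req_params_json", messageBody.substring(0, _fi));
        print_output("update_req_params_json", messageBody.substring(_si, messageBody.length()));
        if (!headers.contains(this._Header)) { headers.add(this._Header); }
        messageBody = messageBody.substring(0, _fi) + _str + messageBody.substring(_si, messageBody.length());
        _request = this.helpers.buildHttpMessage(headers, messageBody.getBytes());

    }
    return _request;
}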
271 |
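/**
 * Proxy-side hook: decrypts requests arriving from the client so the rest
 * of Burp sees plaintext, and re-encrypts responses on their way back to
 * the client.
 *
 * Requests: when the URL's host passes the host filter, either the whole
 * body ({@code _is_req_body}) or the configured parameters
 * ({@code _is_req_param}) are decrypted and the marker header
 * ({@code _Header}) is added. The visible part of processHttpMessage
 * re-encrypts only requests carrying that marker and rebuilds the outgoing
 * request from the same header list, so the marker appears to be forwarded
 * to the server as well.
 *
 * Responses: skipped when {@code _ignore_response} is set or when the
 * response headers lack the marker; otherwise the body is encrypted
 * according to the selected response option.
 *
 * Host filter: {@code _host.contains(get_host(URL))} is a substring test of
 * the request host inside the configured value, not an equality check. A
 * request whose host is a fragment of the configured host also matches, so
 * the key may be applied to traffic for more hosts than intended.
 * NOTE(review): the expected format of {@code _host} is not visible in this
 * part of the file - confirm before tightening the comparison.
 *
 * With {@code isDebug} on, the full rewritten message is written to the
 * extension output.
 *
 * @param messageIsRequest true for a request, false for a response
 * @param message          intercepted proxy message to inspect and rewrite in place
 */
@Override
public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
    if (messageIsRequest) {
        IHttpRequestResponse messageInfo = message.getMessageInfo();
        IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
        String URL = new String(reqInfo.getUrl().toString());
        List headers = reqInfo.getHeaders();

        if(this._host.contains(get_host(URL))) {

            if(this._is_req_body) {
                // decrypting request body
                String tmpreq = new String(messageInfo.getRequest());
                String messageBody = new String(tmpreq.substring(reqInfo.getBodyOffset())).trim();
                String decValue = this.do_decrypt(messageBody);
                // Same guard as the other call sites, so a request that already
                // carries the marker does not get a second copy of it.
                if (!headers.contains(this._Header)) { headers.add(this._Header); }
                byte[] updateMessage = helpers.buildHttpMessage(headers, decValue.getBytes());
                messageInfo.setRequest(updateMessage);
                print_output("PPM-req", "Final Decrypted Request\n" + new String(updateMessage));
            }
            else if(this._is_req_param){

                byte[] _request = messageInfo.getRequest();

                if(reqInfo.getContentType() == IRequestInfo.CONTENT_TYPE_JSON){
                    _request = update_req_params_json(_request, headers, this._req_param ,false);
                }
                else{
                    _request = update_req_params(_request, headers, this._req_param, false);
                }
                print_output("PPM-req", "Final Decrypted Request\n" + new String(_request));
                messageInfo.setRequest(_request);

            }
            else {
                return;
            }

        }
    }
    else {
        if(this._ignore_response) { return; }
        // PPM Response

        IHttpRequestResponse messageInfo = message.getMessageInfo();
        IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
        IResponseInfo resInfo = helpers.analyzeResponse(messageInfo.getResponse());
        String URL = new String(reqInfo.getUrl().toString());
        List headers = resInfo.getHeaders();

        if(this._host.contains(this.get_host(URL))){

            // Only responses tagged with the marker header are re-encrypted.
            if(!headers.contains(this._Header)){ return; }

            if(this._is_res_body){
                // Complete Response Body encryption
                String tmpreq = new String(messageInfo.getResponse());
                String messageBody = new String(tmpreq.substring(resInfo.getBodyOffset())).trim();
                messageBody = do_encrypt(messageBody);
                byte[] updateMessage = helpers.buildHttpMessage(headers, messageBody.getBytes());
                messageInfo.setResponse(updateMessage);
                print_output("PPM-res", "Final Encrypted Response\n" + new String(updateMessage));
            }
            else if(this._is_ovrr_res_body){
                String tmpreq = new String(messageInfo.getResponse());
                String messageBody = new String(tmpreq.substring(resInfo.getBodyOffset())).trim();
                messageBody = do_encrypt(messageBody);

                // NOTE(review): the wrapper key is taken from _req_param[0]
                // although this is the response path - confirm whether
                // _res_param[0] was intended.
                if(this._is_ovrr_res_body_form){
                    messageBody = this._req_param[0] + "=" + messageBody;
                }
                else if(this._is_ovrr_res_body_json){
                    messageBody = "{\"" + this._req_param[0] + "\":\"" + messageBody + "\"}";
                }

                byte[] updateMessage = helpers.buildHttpMessage(headers, messageBody.getBytes());
                messageInfo.setResponse(updateMessage);
                print_output("PPM-res", "Final Encrypted Response\n" + new String(updateMessage));
            }
            else if(this._is_res_param){
                // implement left --------------------------
                // NOTE(review): update_req_params_json looks parameters up with
                // the request-parameter helper, here on response bytes - confirm
                // this finds anything in a response.
                byte[] _response = messageInfo.getResponse();

                _response = this.update_req_params_json(_response, headers, this._res_param, true);
                messageInfo.setResponse(_response);
                // This branch encrypts in the proxy handler; the log line
                // previously said "PHTM-res" / "Decrypted".
                print_output("PPM-res", "Final Encrypted Response\n" + new String(_response));

            }
            else{
                return;
            }

        }
    }
}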
367 |
368 |
369 |
370 |
/**
 * HTTP-listener side of the extension: encrypts outgoing requests and
 * decrypts incoming responses for the configured host.
 *
 * Requests are touched only when they carry the marker header
 * {@code _Header} and their host passes the scope check. Responses are
 * skipped entirely when {@code _ignore_response} is set.
 *
 * NOTE(review): the scope check is {@code _host.contains(host)}, a substring
 * test on the configured host string, not an equality test. A request host
 * that is merely a fragment of the configured host also passes. The proxy
 * listener is outside this view; tighten both together if it uses the same
 * test, so one side cannot decrypt what the other will not re-encrypt.
 *
 * NOTE(review): bodies are converted with {@code new String(byte[])} and
 * {@code getBytes()}, i.e. the platform default charset, and the body
 * offset is applied to the decoded string. Confirm this holds for
 * non-ASCII traffic.
 *
 * NOTE(review): every branch hands the full rewritten message to
 * {@code print_output}. Whether that is limited to debug mode is not
 * visible here; decrypted traffic can contain credentials.
 *
 * @param toolFlag         Burp tool identifier; not consulted by this method
 * @param messageIsRequest true for a request, false for a response
 * @param messageInfo      the message to rewrite in place
 */
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
    if (!messageIsRequest) {
        // ---- response path: decrypt what the server sent ----
        if (this._ignore_response) {
            return;
        }

        final IRequestInfo requestDetails = helpers.analyzeRequest(messageInfo);
        final IResponseInfo responseDetails = helpers.analyzeResponse(messageInfo.getResponse());
        final String targetUrl = requestDetails.getUrl().toString();
        final List headers = responseDetails.getHeaders();

        // Out-of-scope hosts are left untouched.
        if (!this._host.contains(this.get_host(targetUrl))) {
            return;
        }

        if (this._is_res_body) {
            // Whole response body is ciphertext: decrypt it and tag the
            // response with the marker header before rebuilding it.
            final String wholeResponse = new String(messageInfo.getResponse());
            final String cipherBody = wholeResponse.substring(responseDetails.getBodyOffset()).trim();
            final String plainBody = do_decrypt(cipherBody);
            headers.add(this._Header);
            final byte[] rebuilt = helpers.buildHttpMessage(headers, plainBody.getBytes());
            messageInfo.setResponse(rebuilt);
            print_output("PHTM-res", "Final Decrypted Response\n" + new String(rebuilt));
        } else if (this._is_res_param) {
            // Only selected parameters are encrypted; the JSON helper rewrites them
            // (the original author marked this branch "implement left").
            final byte[] rewritten = this.update_req_params_json(messageInfo.getResponse(), headers, this._res_param, false);
            messageInfo.setResponse(rewritten);
            print_output("PHTM-res", "Final Decrypted Response\n" + new String(rewritten));
        }
        return;
    }

    // ---- request path: re-encrypt what Burp is about to send ----
    final IRequestInfo requestDetails = helpers.analyzeRequest(messageInfo);
    final String targetUrl = requestDetails.getUrl().toString();
    final List headers = requestDetails.getHeaders();

    // Without the marker header the request is passed through unchanged.
    if (!headers.contains(this._Header)) {
        return;
    }
    if (!this._host.contains(get_host(targetUrl))) {
        return;
    }

    if (this._is_req_body || this._is_ovrr_req_body) {
        final String wholeRequest = new String(messageInfo.getRequest());
        String outgoingBody = this.do_encrypt(wholeRequest.substring(requestDetails.getBodyOffset()).trim());

        // Override mode (only reached when "complete body" is off): wrap the
        // ciphertext back into the single form or JSON parameter.
        if (!this._is_req_body) {
            if (this._is_ovrr_req_body_form) {
                outgoingBody = this._req_param[0] + "=" + outgoingBody;
            } else if (this._is_ovrr_req_body_json) {
                outgoingBody = "{\"" + this._req_param[0] + "\":\"" + outgoingBody + "\"}";
            }
        }

        final byte[] rebuilt = helpers.buildHttpMessage(headers, outgoingBody.getBytes());
        messageInfo.setRequest(rebuilt);
        print_output("PHTM-req", "Final Encrypted Request\n" + new String(rebuilt));
    } else if (this._is_req_param) {
        // Per-parameter mode: pick the rewriting helper by content type.
        final byte[] original = messageInfo.getRequest();
        final boolean jsonBody = requestDetails.getContentType() == IRequestInfo.CONTENT_TYPE_JSON;
        final byte[] rewritten = jsonBody
                ? update_req_params_json(original, headers, this._req_param, true)
                : update_req_params(original, headers, this._req_param, true);
        print_output("PHTM-req", "Final Encrypted Request\n" + new String(rewritten));
        messageInfo.setRequest(rewritten);
    }
}
464 |
465 |
466 |
467 |
468 |
469 |
470 |
471 |
472 |
473 |
474 | }
475 |
--------------------------------------------------------------------------------
/src/main/java/burp/AES_Killer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this license header, choose License Headers in Project Properties.
3 | * To change this template file, choose Tools | Templates
4 | * and open the template in the editor.
5 | */
6 | package burp;
7 |
8 | import java.net.URL;
9 | import javax.swing.JOptionPane;
10 |
11 | /**
12 | *
13 | * @author n00b
14 | */
15 | public class AES_Killer extends javax.swing.JPanel {
16 |
17 | /**
18 | * Creates new form AES_Killer
19 | */
20 |
21 | BurpExtender _burpObj;
22 |
/**
 * Builds the settings panel and binds it to the extender whose fields the
 * validate_* methods fill in.
 *
 * After the generated form is initialised, the four tool checkboxes
 * (labelled Proxy, Repeater, Scanner and Intruder by initComponents) are
 * ticked and then disabled, so the user cannot change them.
 *
 * @param _b the extender instance this panel configures
 */
public AES_Killer(BurpExtender _b) {
    this._burpObj = _b;
    initComponents();

    // Tick and lock each tool checkbox; the boxes are independent of each other.
    final javax.swing.AbstractButton[] toolBoxes = {
        this.jCheckBox9, this.jCheckBox10, this.jCheckBox11, this.jCheckBox12
    };
    for (javax.swing.AbstractButton toolBox : toolBoxes) {
        toolBox.setSelected(true);
    }
    for (javax.swing.AbstractButton toolBox : toolBoxes) {
        toolBox.setEnabled(false);
    }
}
39 |
40 | /**
41 | * This method is called from within the constructor to initialize the form.
42 | * WARNING: Do NOT modify this code. The content of this method is always
43 | * regenerated by the Form Editor.
44 | */
@SuppressWarnings("unchecked")
// //GEN-BEGIN:initComponents
private void initComponents() {
    // Builds the whole settings form: creates every widget, wires the button and
    // checkbox listeners, and lays the panels out. The region between the
    // GEN-BEGIN and GEN-END markers is regenerated by the Form Editor, so edits
    // made directly in this body (these comments included) do not survive a regeneration.

    // --- Component instantiation -------------------------------------------------
    // Note: buttonGroup5 is created here but no component is added to it in this method.
    buttonGroup1 = new javax.swing.ButtonGroup();
    buttonGroup2 = new javax.swing.ButtonGroup();
    buttonGroup3 = new javax.swing.ButtonGroup();
    buttonGroup4 = new javax.swing.ButtonGroup();
    buttonGroup5 = new javax.swing.ButtonGroup();
    jSplitPane1 = new javax.swing.JSplitPane();
    jPanel1 = new javax.swing.JPanel();
    jPanel6 = new javax.swing.JPanel();
    jButton1 = new javax.swing.JButton();
    jButton2 = new javax.swing.JButton();
    jButton3 = new javax.swing.JButton();
    jButton4 = new javax.swing.JButton();
    jButton5 = new javax.swing.JButton();
    jPanel10 = new javax.swing.JPanel();
    jCheckBox9 = new javax.swing.JCheckBox();
    jCheckBox10 = new javax.swing.JCheckBox();
    jCheckBox11 = new javax.swing.JCheckBox();
    jCheckBox12 = new javax.swing.JCheckBox();
    jLabel8 = new javax.swing.JLabel();
    jTextField7 = new javax.swing.JTextField();
    jPanel12 = new javax.swing.JPanel();
    jCheckBox8 = new javax.swing.JCheckBox();
    jCheckBox13 = new javax.swing.JCheckBox();
    jCheckBox14 = new javax.swing.JCheckBox();
    jPanel4 = new javax.swing.JPanel();
    jPanel5 = new javax.swing.JPanel();
    jLabel1 = new javax.swing.JLabel();
    jComboBox1 = new javax.swing.JComboBox();
    jLabel2 = new javax.swing.JLabel();
    jTextField1 = new javax.swing.JTextField();
    jLabel3 = new javax.swing.JLabel();
    jTextField2 = new javax.swing.JTextField();
    jCheckBox1 = new javax.swing.JCheckBox();
    jPanel9 = new javax.swing.JPanel();
    jLabel6 = new javax.swing.JLabel();
    jTextField5 = new javax.swing.JTextField();
    jLabel7 = new javax.swing.JLabel();
    jTextField6 = new javax.swing.JTextField();
    jPanel7 = new javax.swing.JPanel();
    jLabel4 = new javax.swing.JLabel();
    jCheckBox2 = new javax.swing.JCheckBox();
    jCheckBox3 = new javax.swing.JCheckBox();
    jTextField3 = new javax.swing.JTextField();
    jCheckBox6 = new javax.swing.JCheckBox();
    jCheckBox16 = new javax.swing.JCheckBox();
    jPanel8 = new javax.swing.JPanel();
    jLabel5 = new javax.swing.JLabel();
    jCheckBox4 = new javax.swing.JCheckBox();
    jCheckBox5 = new javax.swing.JCheckBox();
    jTextField4 = new javax.swing.JTextField();
    jCheckBox7 = new javax.swing.JCheckBox();
    jCheckBox15 = new javax.swing.JCheckBox();
    jCheckBox17 = new javax.swing.JCheckBox();
    jPanel11 = new javax.swing.JPanel();
    jTabbedPane3 = new javax.swing.JTabbedPane();
    jPanel3 = new javax.swing.JPanel();
    jScrollPane1 = new javax.swing.JScrollPane();
    jTextArea1 = new javax.swing.JTextArea();
    jTabbedPane4 = new javax.swing.JTabbedPane();
    jPanel2 = new javax.swing.JPanel();
    jScrollPane2 = new javax.swing.JScrollPane();
    jTextArea2 = new javax.swing.JTextArea();

    setLayout(new javax.swing.BoxLayout(this, javax.swing.BoxLayout.LINE_AXIS));

    // Root split pane, split vertically: jPanel1 (settings) is set as the left
    // component and jPanel11 (input/output tabs) as the right one further down.
    jSplitPane1.setDividerLocation(440);
    jSplitPane1.setDividerSize(20);
    jSplitPane1.setOrientation(javax.swing.JSplitPane.VERTICAL_SPLIT);

    jPanel1.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    // --- jPanel6: action buttons, host URL field and the two toggle panels ---------
    jPanel6.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    // Each button only forwards the event to its jButtonNActionPerformed handler.
    jButton1.setText("Stop AES Killer");
    jButton1.addActionListener(new java.awt.event.ActionListener() {
        public void actionPerformed(java.awt.event.ActionEvent evt) {
            jButton1ActionPerformed(evt);
        }
    });

    jButton2.setText("Start AES Killer");
    jButton2.addActionListener(new java.awt.event.ActionListener() {
        public void actionPerformed(java.awt.event.ActionEvent evt) {
            jButton2ActionPerformed(evt);
        }
    });

    jButton3.setText("Encrypt");
    jButton3.addActionListener(new java.awt.event.ActionListener() {
        public void actionPerformed(java.awt.event.ActionEvent evt) {
            jButton3ActionPerformed(evt);
        }
    });

    jButton4.setText("Decrypt");
    jButton4.addActionListener(new java.awt.event.ActionListener() {
        public void actionPerformed(java.awt.event.ActionEvent evt) {
            jButton4ActionPerformed(evt);
        }
    });

    jButton5.setText("Clear");
    jButton5.addActionListener(new java.awt.event.ActionListener() {
        public void actionPerformed(java.awt.event.ActionEvent evt) {
            jButton5ActionPerformed(evt);
        }
    });

    // jPanel10: the four Burp tool checkboxes. The panel itself is disabled here.
    jPanel10.setBorder(javax.swing.BorderFactory.createTitledBorder(""));
    jPanel10.setEnabled(false);

    jCheckBox9.setText("Proxy");

    jCheckBox10.setText("Repeater");

    jCheckBox11.setText("Scanner");

    jCheckBox12.setText("Intruder");

    javax.swing.GroupLayout jPanel10Layout = new javax.swing.GroupLayout(jPanel10);
    jPanel10.setLayout(jPanel10Layout);
    jPanel10Layout.setHorizontalGroup(
        jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel10Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                .addGroup(jPanel10Layout.createSequentialGroup()
                    .addComponent(jCheckBox9)
                    .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                    .addComponent(jCheckBox11))
                .addGroup(jPanel10Layout.createSequentialGroup()
                    .addGap(0, 0, Short.MAX_VALUE)
                    .addComponent(jCheckBox10)
                    .addGap(18, 18, 18)
                    .addComponent(jCheckBox12)))
            .addContainerGap())
    );
    jPanel10Layout.setVerticalGroup(
        jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel10Layout.createSequentialGroup()
            .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
            .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                .addComponent(jCheckBox9)
                .addComponent(jCheckBox11))
            .addGap(18, 18, 18)
            .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                .addComponent(jCheckBox10)
                .addComponent(jCheckBox12))
            .addGap(16, 16, 16))
    );

    // Host URL: read and parsed by validate_host().
    jLabel8.setText("Host URL");

    jTextField7.setName("host_url"); // NOI18N

    // jPanel12: obfuscation, URL-encoding and debug toggles.
    jPanel12.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    jCheckBox8.setText("Do / Remove Obfuscation");

    jCheckBox13.setText("Enable Debug Mode");
    jCheckBox13.setName("isDebug"); // NOI18N

    jCheckBox14.setText("URL encode/decode");

    javax.swing.GroupLayout jPanel12Layout = new javax.swing.GroupLayout(jPanel12);
    jPanel12.setLayout(jPanel12Layout);
    jPanel12Layout.setHorizontalGroup(
        jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel12Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                .addComponent(jCheckBox8)
                .addComponent(jCheckBox14)
                .addComponent(jCheckBox13))
            .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
    );
    jPanel12Layout.setVerticalGroup(
        jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel12Layout.createSequentialGroup()
            .addContainerGap()
            .addComponent(jCheckBox8)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jCheckBox14)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
            .addComponent(jCheckBox13)
            .addContainerGap())
    );

    javax.swing.GroupLayout jPanel6Layout = new javax.swing.GroupLayout(jPanel6);
    jPanel6.setLayout(jPanel6Layout);
    jPanel6Layout.setHorizontalGroup(
        jPanel6Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel6Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel6Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                .addGroup(jPanel6Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
                    .addGroup(jPanel6Layout.createSequentialGroup()
                        .addComponent(jButton3)
                        .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
                        .addComponent(jButton4)
                        .addGap(18, 18, 18)
                        .addComponent(jButton5))
                    .addGroup(jPanel6Layout.createSequentialGroup()
                        .addComponent(jButton2, javax.swing.GroupLayout.PREFERRED_SIZE, 222, javax.swing.GroupLayout.PREFERRED_SIZE)
                        .addGap(39, 39, 39)
                        .addComponent(jButton1, javax.swing.GroupLayout.PREFERRED_SIZE, 222, javax.swing.GroupLayout.PREFERRED_SIZE))
                    .addComponent(jTextField7))
                .addComponent(jLabel8))
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 434, Short.MAX_VALUE)
            .addComponent(jPanel12, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addGap(18, 18, 18)
            .addComponent(jPanel10, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addContainerGap())
    );
    jPanel6Layout.setVerticalGroup(
        jPanel6Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel6Layout.createSequentialGroup()
            .addGap(26, 26, 26)
            .addGroup(jPanel6Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
                .addComponent(jPanel10, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                .addComponent(jPanel12, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
            .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
        .addGroup(jPanel6Layout.createSequentialGroup()
            .addContainerGap()
            .addComponent(jLabel8)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jTextField7, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
            .addGroup(jPanel6Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                .addComponent(jButton2)
                .addComponent(jButton1))
            .addGap(18, 18, 18)
            .addGroup(jPanel6Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                .addComponent(jButton3)
                .addComponent(jButton4)
                .addComponent(jButton5))
            .addContainerGap())
    );

    // --- jPanel4: container with a null layout; children are placed with setBounds ---
    jPanel4.setBorder(javax.swing.BorderFactory.createTitledBorder(""));
    jPanel4.setLayout(null);

    // jPanel5: cipher settings (transformation, Base64 key, Base64 IV, "exclude IV").
    jPanel5.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    jLabel1.setText("Select Encryption");

    // The two selectable transformations; the combo is filled with these exact strings.
    jComboBox1.setModel(new javax.swing.DefaultComboBoxModel(new String[] { "AES/CBC/PKCS5Padding", "AES/ECB/PKCS5Padding" }));
    jComboBox1.setName("encryption_type"); // NOI18N

    jLabel2.setText("Secret Key (Base64 Encoded)");

    // NOTE(review): the key is typed into an ordinary JTextField, so it is shown in
    // clear text on screen while the tab is visible.
    jTextField1.setName("secretKey"); // NOI18N

    jLabel3.setText("IV (Base64 Encoded)");

    jTextField2.setName("iv"); // NOI18N

    jCheckBox1.setText("Exclude / Ignore IV");
    jCheckBox1.setName("excludeIV"); // NOI18N

    javax.swing.GroupLayout jPanel5Layout = new javax.swing.GroupLayout(jPanel5);
    jPanel5.setLayout(jPanel5Layout);
    jPanel5Layout.setHorizontalGroup(
        jPanel5Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel5Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel5Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                .addComponent(jComboBox1, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                .addComponent(jTextField1)
                .addComponent(jTextField2)
                .addGroup(jPanel5Layout.createSequentialGroup()
                    .addGroup(jPanel5Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                        .addComponent(jLabel1)
                        .addComponent(jLabel2)
                        .addComponent(jLabel3)
                        .addComponent(jCheckBox1))
                    .addGap(0, 204, Short.MAX_VALUE)))
            .addContainerGap())
    );
    jPanel5Layout.setVerticalGroup(
        jPanel5Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel5Layout.createSequentialGroup()
            .addContainerGap()
            .addComponent(jLabel1)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jComboBox1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addGap(18, 18, 18)
            .addComponent(jLabel2)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jTextField1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addGap(18, 18, 18)
            .addComponent(jLabel3)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jTextField2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 62, Short.MAX_VALUE)
            .addComponent(jCheckBox1)
            .addContainerGap())
    );

    jPanel4.add(jPanel5);
    jPanel5.setBounds(8, 7, 423, 270);

    // jPanel9: the obfuscation character list and its replacement list
    // (both space separated; read by validate_Obff()).
    jPanel9.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    jLabel6.setText("Obff. char (Separated with space)");

    jTextField5.setName("off_char"); // NOI18N

    jLabel7.setText("Replace with (Separated with space)");

    jTextField6.setName("replace_with"); // NOI18N

    javax.swing.GroupLayout jPanel9Layout = new javax.swing.GroupLayout(jPanel9);
    jPanel9.setLayout(jPanel9Layout);
    jPanel9Layout.setHorizontalGroup(
        jPanel9Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel9Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel9Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
                .addComponent(jLabel6, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                .addComponent(jTextField5))
            .addGap(18, 18, 18)
            .addGroup(jPanel9Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
                .addComponent(jLabel7, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                .addComponent(jTextField6, javax.swing.GroupLayout.PREFERRED_SIZE, 261, javax.swing.GroupLayout.PREFERRED_SIZE))
            .addContainerGap(13, Short.MAX_VALUE))
    );
    jPanel9Layout.setVerticalGroup(
        jPanel9Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel9Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel9Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                .addComponent(jLabel6)
                .addComponent(jLabel7))
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addGroup(jPanel9Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                .addComponent(jTextField5, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
                .addComponent(jTextField6, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
            .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
    );

    jPanel4.add(jPanel9);
    jPanel9.setBounds(450, 220, 540, 58);

    // jPanel7: request options. buttonGroup2 holds "complete body" and "specific
    // parameters"; buttonGroup3 holds the two override modes (Form / JSON).
    jPanel7.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    jLabel4.setText("Request Options to Decrypt & Encrypt");

    buttonGroup2.add(jCheckBox2);
    jCheckBox2.setText("Complete Request Body");
    jCheckBox2.setName("req_body"); // NOI18N

    buttonGroup2.add(jCheckBox3);
    jCheckBox3.setText("Specific Request Parameters (Separated with space)");

    jTextField3.setName("req_parameter"); // NOI18N

    // Both override checkboxes below are given the same component name.
    buttonGroup3.add(jCheckBox6);
    jCheckBox6.setText("Override Complete request body (After decrypting - Form)");
    jCheckBox6.setName("override_req"); // NOI18N

    buttonGroup3.add(jCheckBox16);
    jCheckBox16.setText("Override Complete request body (After decrypting - JSON)");
    jCheckBox16.setName("override_req"); // NOI18N

    javax.swing.GroupLayout jPanel7Layout = new javax.swing.GroupLayout(jPanel7);
    jPanel7.setLayout(jPanel7Layout);
    jPanel7Layout.setHorizontalGroup(
        jPanel7Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel7Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel7Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                .addGroup(jPanel7Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
                    .addComponent(jCheckBox2)
                    .addComponent(jCheckBox3, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                    .addComponent(jLabel4, javax.swing.GroupLayout.PREFERRED_SIZE, 322, javax.swing.GroupLayout.PREFERRED_SIZE)
                    .addComponent(jCheckBox6)
                    .addComponent(jTextField3))
                .addComponent(jCheckBox16))
            .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
    );
    jPanel7Layout.setVerticalGroup(
        jPanel7Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel7Layout.createSequentialGroup()
            .addContainerGap()
            .addComponent(jLabel4)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jCheckBox2)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jCheckBox3)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jTextField3, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addGap(18, 18, 18)
            .addComponent(jCheckBox6)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jCheckBox16)
            .addContainerGap(16, Short.MAX_VALUE))
    );

    jPanel4.add(jPanel7);
    jPanel7.setBounds(450, 10, 450, 200);

    // jPanel8: response options. buttonGroup1 holds "complete body", "specific
    // parameters" and "ignore response"; buttonGroup4 holds the two override modes.
    jPanel8.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    jLabel5.setText("Response Options to Decrypt & Encrypt");

    // NOTE(review): the response controls below reuse the component names of the
    // request controls ("req_body", "req_parameter"); this looks like a copy-paste
    // from the request panel. It only matters if something looks components up by
    // name, which is not visible here.
    buttonGroup1.add(jCheckBox4);
    jCheckBox4.setText("Complete Response Body");
    jCheckBox4.setName("req_body"); // NOI18N

    buttonGroup1.add(jCheckBox5);
    jCheckBox5.setText("Specific Response Parameters (Separated with space)");

    jTextField4.setName("req_parameter"); // NOI18N

    buttonGroup4.add(jCheckBox7);
    jCheckBox7.setText("Override Complete response body (After decrypting - Form)");
    jCheckBox7.setName("override_res"); // NOI18N
    jCheckBox7.addActionListener(new java.awt.event.ActionListener() {
        public void actionPerformed(java.awt.event.ActionEvent evt) {
            jCheckBox7ActionPerformed(evt);
        }
    });

    buttonGroup1.add(jCheckBox15);
    jCheckBox15.setText("Ignore Response");

    buttonGroup4.add(jCheckBox17);
    jCheckBox17.setText("Override Complete response body (After decrypting - JSON)");
    jCheckBox17.setName("override_res"); // NOI18N
    jCheckBox17.addActionListener(new java.awt.event.ActionListener() {
        public void actionPerformed(java.awt.event.ActionEvent evt) {
            jCheckBox17ActionPerformed(evt);
        }
    });

    javax.swing.GroupLayout jPanel8Layout = new javax.swing.GroupLayout(jPanel8);
    jPanel8.setLayout(jPanel8Layout);
    jPanel8Layout.setHorizontalGroup(
        jPanel8Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel8Layout.createSequentialGroup()
            .addContainerGap()
            .addGroup(jPanel8Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                .addGroup(jPanel8Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING, false)
                    .addGroup(jPanel8Layout.createSequentialGroup()
                        .addComponent(jCheckBox4)
                        .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                        .addComponent(jCheckBox15))
                    .addComponent(jLabel5, javax.swing.GroupLayout.Alignment.LEADING, javax.swing.GroupLayout.PREFERRED_SIZE, 322, javax.swing.GroupLayout.PREFERRED_SIZE)
                    .addComponent(jCheckBox5, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                    .addComponent(jCheckBox7, javax.swing.GroupLayout.Alignment.LEADING)
                    .addComponent(jTextField4))
                .addComponent(jCheckBox17))
            .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
    );
    jPanel8Layout.setVerticalGroup(
        jPanel8Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel8Layout.createSequentialGroup()
            .addContainerGap()
            .addComponent(jLabel5)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addGroup(jPanel8Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                .addComponent(jCheckBox4)
                .addComponent(jCheckBox15))
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jCheckBox5)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jTextField4, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addGap(18, 18, 18)
            .addComponent(jCheckBox7)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jCheckBox17)
            .addContainerGap(16, Short.MAX_VALUE))
    );

    jPanel4.add(jPanel8);
    jPanel8.setBounds(910, 10, 460, 200);

    // jPanel1 stacks jPanel4 (settings) above jPanel6 (buttons and toggles).
    javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1);
    jPanel1.setLayout(jPanel1Layout);
    jPanel1Layout.setHorizontalGroup(
        jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addComponent(jPanel6, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
        .addComponent(jPanel4, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
    );
    jPanel1Layout.setVerticalGroup(
        jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
        .addGroup(jPanel1Layout.createSequentialGroup()
            .addComponent(jPanel4, javax.swing.GroupLayout.PREFERRED_SIZE, 292, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
            .addComponent(jPanel6, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
            .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
    );

    jSplitPane1.setLeftComponent(jPanel1);

    // --- jPanel11: side-by-side "Input" and "Output" tabs, each a scrollable text area ---
    jPanel11.setLayout(new javax.swing.BoxLayout(jPanel11, javax.swing.BoxLayout.LINE_AXIS));

    jTabbedPane3.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    jPanel3.setLayout(new javax.swing.BoxLayout(jPanel3, javax.swing.BoxLayout.LINE_AXIS));

    jTextArea1.setColumns(20);
    jTextArea1.setRows(5);
    jScrollPane1.setViewportView(jTextArea1);

    jPanel3.add(jScrollPane1);

    jTabbedPane3.addTab("Input", jPanel3);

    jPanel11.add(jTabbedPane3);

    jTabbedPane4.setBorder(javax.swing.BorderFactory.createTitledBorder(""));

    jPanel2.setLayout(new java.awt.BorderLayout());

    jTextArea2.setColumns(20);
    jTextArea2.setRows(5);
    jScrollPane2.setViewportView(jTextArea2);

    jPanel2.add(jScrollPane2, java.awt.BorderLayout.CENTER);

    jTabbedPane4.addTab("Output", jPanel2);

    jPanel11.add(jTabbedPane4);

    jSplitPane1.setRightComponent(jPanel11);

    add(jSplitPane1);
}// //GEN-END:initComponents
579 |
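/**
 * Reports whether a string carries no characters.
 *
 * @param _str the text to test; may be null
 * @return true when {@code _str} is null or has length zero, false otherwise
 */
public Boolean is_string_empty(String _str){
    // The null test has to come first: the earlier version called methods on
    // _str before comparing it with null, so a null argument raised a
    // NullPointerException instead of being reported as empty.
    return _str == null || _str.isEmpty();
}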
586 |
587 |
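/**
 * Reads the "Host URL" field, parses it as a URL and stores its host name on
 * the extender.
 *
 * The stored host is what the listeners later compare request hosts against,
 * so a value that parses as a URL but has no host part (for example a bare
 * scheme) is rejected here instead of being stored as an empty string.
 *
 * @return true when a host name was extracted and stored; false after showing
 *         a dialog when the field is empty, is not a valid URL or has no host
 */
public Boolean validate_host(){
    String _url = this.jTextField7.getText().trim();
    if(is_string_empty(_url)){ JOptionPane.showMessageDialog(this, "Please provide a Host URL !!!"); return false; }

    try{
        String _parsed_host = new URL(_url).getHost();
        // A syntactically valid URL can still have no host; treat that as invalid input.
        if(_parsed_host == null || _parsed_host.isEmpty()){
            JOptionPane.showMessageDialog(this, "Please provide a valid Host URL (e.g https://abc.com) !!!");
            return false;
        }
        this._burpObj._host = _parsed_host;
        return true;
    }catch (Exception ex){
        // new URL(...) rejects text with a missing or unknown scheme.
        JOptionPane.showMessageDialog(this, "Please provide a valid Host URL (e.g https://abc.com) !!!");
        return false;
    }
}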
601 |
/**
 * Copies the trimmed "Secret Key" field onto the extender.
 *
 * NOTE(review): only emptiness is checked. The form labels the value as
 * Base64, but it is neither decoded nor length-checked here, so a malformed
 * key would only surface wherever the cipher is set up (not visible here).
 *
 * @return true when a non-empty key was stored; false after showing a dialog
 */
public Boolean validate_secret_key(){
    final String keyText = this.jTextField1.getText().trim();
    if(!is_string_empty(keyText)){
        this._burpObj._secret_key = keyText;
        return true;
    }
    JOptionPane.showMessageDialog(this, "Please provide a Secret Key !!!");
    return false;
}
608 |
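/**
 * Applies the IV settings from the form to the extender.
 *
 * When "Exclude / Ignore IV" is ticked, the exclude flag is set and the IV
 * field is not read. Otherwise the trimmed IV field must be non-empty; it is
 * stored and the exclude flag is cleared.
 *
 * The flag is cleared explicitly because this method previously only ever set
 * it to true. After a run with the box ticked, unticking it and supplying an
 * IV left the flag set unless something outside this method reset it, so the
 * IV the user typed would not have been the one in effect.
 *
 * @return true when the settings were stored; false after showing a dialog
 *         when an IV is required but the field is empty
 */
public Boolean validate_iv_param(){
    if(this.jCheckBox1.isSelected()){
        this._burpObj._exclude_iv = true;
        return true;
    }

    String _iv_param = this.jTextField2.getText().trim();
    if(is_string_empty(_iv_param)){ JOptionPane.showMessageDialog(this, "Please provide a IV Parameter !!!"); return false; }
    // Keep the flag in step with the unticked checkbox.
    this._burpObj._exclude_iv = false;
    this._burpObj._iv_param = _iv_param;
    return true;
}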
620 |
/**
 * Applies the obfuscation settings from the form to the extender.
 *
 * With "Do / Remove Obfuscation" unticked, the {@code _do_off} flag is
 * cleared and nothing else is read. With it ticked, both space-separated
 * lists must be non-empty and are stored as arrays.
 *
 * NOTE(review): this method never sets {@code _do_off} to true, and the two
 * lists are not checked for equal length. Confirm both against the code that
 * consumes them, which is not visible here.
 *
 * @return true when the settings were stored; false after showing a dialog
 *         when a required list is empty
 */
public Boolean validate_Obff(){
    final boolean obfuscationWanted = this.jCheckBox8.isSelected();
    if(!obfuscationWanted){
        this._burpObj._do_off = false;
        return true;
    }

    final String sourceChars = this.jTextField5.getText().trim();
    if(is_string_empty(sourceChars)){
        JOptionPane.showMessageDialog(this, "Please provide Obff char !!!");
        return false;
    }

    final String replacementChars = this.jTextField6.getText().trim();
    if(is_string_empty(replacementChars)){
        JOptionPane.showMessageDialog(this, "Please provide Replace with char !!!");
        return false;
    }

    // Both lists are split on a single space.
    this._burpObj._obffusicatedChar = sourceChars.split(" ");
    this._burpObj._replaceWithChar = replacementChars.split(" ");
    return true;
}
637 |
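/**
 * Mirrors the "URL encode/decode" checkbox onto the extender.
 *
 * The flag is written in both directions, as validate_debug_mode() does.
 * Previously it was only ever set to true here, so unticking the box after an
 * earlier run left URL encoding active unless something outside this method
 * reset it.
 *
 * @return always true; there is nothing to reject
 */
public Boolean validate_url_ed(){
    this._burpObj._url_enc_dec = this.jCheckBox14.isSelected();
    return true;
}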
644 |
/**
 * Mirrors the "Enable Debug Mode" checkbox onto the extender's
 * {@code isDebug} flag.
 *
 * @return always true; there is nothing to reject
 */
public Boolean validate_debug_mode(){
    // The flag simply follows the checkbox state.
    final boolean debugWanted = this.jCheckBox13.isSelected();
    this._burpObj.isDebug = debugWanted;
    return true;
}
654 |
/**
 * Translates the request options on the form into the extender's request flags.
 *
 * "Complete Request Body" selects whole-body mode. "Specific Request
 * Parameters" selects per-parameter mode, optionally with one of the two
 * override modes (Form or JSON); the space-separated parameter list is then
 * required, and an override mode allows only a single parameter name.
 *
 * Note that the flags are written before the parameter list is checked, so a
 * failed validation leaves the new flag values in place.
 *
 * @return true when a consistent selection was stored; false after showing a
 *         dialog when nothing is selected, the parameter list is empty, or an
 *         override mode is combined with more than one parameter
 */
public Boolean validate_request_params(){
    // Whole-body mode: nothing else to read.
    if(this.jCheckBox2.isSelected()){
        this._burpObj._is_req_body = true;
        this._burpObj._is_ovrr_req_body = false;
        this._burpObj._is_req_param = false;
        return true;
    }

    // Neither mode selected.
    if(!this.jCheckBox3.isSelected()){
        JOptionPane.showMessageDialog(this, "Please Select Request Options !!!");
        return false;
    }

    // Per-parameter mode, override off until one of the override boxes says otherwise.
    this._burpObj._is_req_body = false;
    this._burpObj._is_req_param = true;
    this._burpObj._is_ovrr_req_body = false;

    if(this.jCheckBox6.isSelected()){
        this._burpObj._is_ovrr_req_body = true;
        this._burpObj._is_ovrr_req_body_form = true;
        this._burpObj._is_ovrr_req_body_json = false;
    }
    if(this.jCheckBox16.isSelected()){
        this._burpObj._is_ovrr_req_body = true;
        this._burpObj._is_ovrr_req_body_json = true;
        this._burpObj._is_ovrr_req_body_form = false;
    }

    final String paramList = this.jTextField3.getText().trim();
    if(is_string_empty(paramList)){
        JOptionPane.showMessageDialog(this, "Please provide Request Parameter !!!");
        return false;
    }

    this._burpObj._req_param = paramList.split(" ");

    // An override mode wraps the body in exactly one parameter.
    final boolean tooManyForOverride = this._burpObj._is_ovrr_req_body && this._burpObj._req_param.length > 1;
    if(tooManyForOverride){
        JOptionPane.showMessageDialog(this, "Request can't exceed more than once in case of override !!!");
        return false;
    }
    return true;
}
681 |
/**
 * Applies the response-side options from the form to the extension object.
 *
 * jCheckBox15 clears every response flag (presumably the "ignore response"
 * option; confirm against the form labels). jCheckBox4 selects whole-body
 * mode. jCheckBox5 selects parameter mode, in which jTextField4 holds a
 * space-separated list of parameter names and jCheckBox7 / jCheckBox17
 * optionally switch on the form / JSON body override. If both override boxes
 * are ticked, JSON wins. With no mode box selected the user is prompted.
 *
 * The mode flags are written before the parameter text is checked, so a
 * rejected form still leaves them changed.
 *
 * @return true when a complete response configuration was stored; false after prompting
 */
public Boolean validate_response_params(){
    // The first two modes differ only in whether the body flag is set.
    final boolean noResponseHandling = this.jCheckBox15.isSelected();
    if (noResponseHandling || this.jCheckBox4.isSelected()) {
        this._burpObj._is_res_body = !noResponseHandling;
        this._burpObj._is_ovrr_res_body = false;
        this._burpObj._is_res_param = false;
        return true;
    }

    // No mode chosen.
    if (!this.jCheckBox5.isSelected()) {
        JOptionPane.showMessageDialog(this, "Please Select Response Options !!!");
        return false;
    }

    // Parameter mode.
    final boolean overrideAsForm = this.jCheckBox7.isSelected();
    final boolean overrideAsJson = this.jCheckBox17.isSelected();
    final boolean overrideBody = overrideAsForm || overrideAsJson;

    this._burpObj._is_res_body = false;
    this._burpObj._is_ovrr_res_body = overrideBody;
    this._burpObj._is_res_param = true;
    if (overrideAsJson) {
        // JSON takes precedence when both override boxes are ticked.
        this._burpObj._is_ovrr_res_body_json = true;
        this._burpObj._is_ovrr_res_body_form = false;
    } else if (overrideAsForm) {
        this._burpObj._is_ovrr_res_body_form = true;
        this._burpObj._is_ovrr_res_body_json = false;
    }

    final String paramText = this.jTextField4.getText().trim();
    if (is_string_empty(paramText)) {
        JOptionPane.showMessageDialog(this, "Please provide Respons Parameter !!!");
        return false;
    }

    this._burpObj._res_param = paramText.split(" ");
    // An override replaces the whole body, so only one parameter is accepted.
    if (overrideBody && this._burpObj._res_param.length > 1) {
        JOptionPane.showMessageDialog(this, "Response can't exceed more than once in case of override !!!");
        return false;
    }
    return true;
}
714 |
private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton2ActionPerformed
    // Start button: run every validator in order and start the extension
    // only if all of them accept the form. Each validator shows its own
    // message on failure, so this handler just stops.

    // Host scope comes first; nothing else is touched if it is rejected.
    if (!validate_host()) {
        return;
    }

    // Cipher settings, then the obfuscation and URL-encoding options.
    this._burpObj._enc_type = String.valueOf(this.jComboBox1.getSelectedItem());
    final boolean cryptoOptionsOk = validate_secret_key()
            && validate_iv_param()
            && validate_Obff()
            && validate_url_ed();
    if (!cryptoOptionsOk) {
        return;
    }

    // The debug flag cannot fail, so its result is ignored.
    validate_debug_mode();

    // Request options, then response options.
    final boolean trafficOptionsOk = validate_request_params() && validate_response_params();
    if (!trafficOptionsOk) {
        return;
    }

    // Everything is configured: start processing traffic.
    this._burpObj.start_aes_killer();

    // Swap the Start / Stop buttons.
    this.jButton2.setEnabled(false);
    this.jButton1.setEnabled(true);

    JOptionPane.showMessageDialog(this, "AES Killer started !!!");
}//GEN-LAST:event_jButton2ActionPerformed
748 |
private void jCheckBox7ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBox7ActionPerformed
    // No work is done when jCheckBox7 is toggled; its state is read later
    // by validate_response_params().
}//GEN-LAST:event_jCheckBox7ActionPerformed
752 |
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed
    // Stop button: halt the extension, then swap the Start / Stop buttons back.
    this._burpObj.stop_aes_killer();

    this.jButton1.setEnabled(false);
    this.jButton2.setEnabled(true);

    JOptionPane.showMessageDialog(this, "AES Killer stopped !!!");
}//GEN-LAST:event_jButton1ActionPerformed
762 |
private void jCheckBox17ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBox17ActionPerformed
    // No work is done when jCheckBox17 is toggled; its state is read later
    // by validate_response_params().
}//GEN-LAST:event_jCheckBox17ActionPerformed
766 |
private void jButton5ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton5ActionPerformed
    // Clear button: empty the input area, then the output area.
    final javax.swing.JTextArea[] areas = { this.jTextArea1, this.jTextArea2 };
    for (javax.swing.JTextArea area : areas) {
        area.setText("");
    }
}//GEN-LAST:event_jButton5ActionPerformed
772 |
private void jButton3ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton3ActionPerformed
    // Encrypt button: encrypt the text in jTextArea1 and show the result in jTextArea2.
    final String plainText = this.jTextArea1.getText().trim();
    if (is_string_empty(plainText)) {
        JOptionPane.showMessageDialog(this, "Please provide data to encrypt !!!");
        return;
    }

    // While the extension is running its stored settings are used as they are.
    // Otherwise the cipher, obfuscation and URL options are taken from the form
    // first, and any validator that rejects its input has already shown a message.
    if (!this._burpObj.isRunning) {
        this._burpObj._enc_type = String.valueOf(this.jComboBox1.getSelectedItem());
        final boolean optionsOk = validate_secret_key()
                && validate_iv_param()
                && validate_Obff()
                && validate_url_ed();
        if (!optionsOk) {
            return;
        }
    }

    this.jTextArea2.setText(this._burpObj.do_encrypt(plainText));
}//GEN-LAST:event_jButton3ActionPerformed
795 |
private void jButton4ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton4ActionPerformed
    // Decrypt button: decrypt the text in jTextArea1 and show the result in jTextArea2.
    final String cipherText = this.jTextArea1.getText().trim();
    if (is_string_empty(cipherText)) {
        JOptionPane.showMessageDialog(this, "Please provide data to decrypt !!!");
        return;
    }

    // While the extension is running its stored settings are used as they are.
    // Otherwise the cipher, obfuscation and URL options are taken from the form
    // first, and any validator that rejects its input has already shown a message.
    if (!this._burpObj.isRunning) {
        this._burpObj._enc_type = String.valueOf(this.jComboBox1.getSelectedItem());
        final boolean optionsOk = validate_secret_key()
                && validate_iv_param()
                && validate_Obff()
                && validate_url_ed();
        if (!optionsOk) {
            return;
        }
    }

    this.jTextArea2.setText(this._burpObj.do_decrypt(cipherText));
}//GEN-LAST:event_jButton4ActionPerformed
817 |
818 |
819 | // Variables declaration - do not modify//GEN-BEGIN:variables
820 | private javax.swing.ButtonGroup buttonGroup1;
821 | private javax.swing.ButtonGroup buttonGroup2;
822 | private javax.swing.ButtonGroup buttonGroup3;
823 | private javax.swing.ButtonGroup buttonGroup4;
824 | private javax.swing.ButtonGroup buttonGroup5;
825 | private javax.swing.JButton jButton1;
826 | private javax.swing.JButton jButton2;
827 | private javax.swing.JButton jButton3;
828 | private javax.swing.JButton jButton4;
829 | private javax.swing.JButton jButton5;
830 | private javax.swing.JCheckBox jCheckBox1;
831 | private javax.swing.JCheckBox jCheckBox10;
832 | private javax.swing.JCheckBox jCheckBox11;
833 | private javax.swing.JCheckBox jCheckBox12;
834 | private javax.swing.JCheckBox jCheckBox13;
835 | private javax.swing.JCheckBox jCheckBox14;
836 | private javax.swing.JCheckBox jCheckBox15;
837 | private javax.swing.JCheckBox jCheckBox16;
838 | private javax.swing.JCheckBox jCheckBox17;
839 | private javax.swing.JCheckBox jCheckBox2;
840 | private javax.swing.JCheckBox jCheckBox3;
841 | private javax.swing.JCheckBox jCheckBox4;
842 | private javax.swing.JCheckBox jCheckBox5;
843 | private javax.swing.JCheckBox jCheckBox6;
844 | private javax.swing.JCheckBox jCheckBox7;
845 | private javax.swing.JCheckBox jCheckBox8;
846 | private javax.swing.JCheckBox jCheckBox9;
847 | private javax.swing.JComboBox jComboBox1;
848 | private javax.swing.JLabel jLabel1;
849 | private javax.swing.JLabel jLabel2;
850 | private javax.swing.JLabel jLabel3;
851 | private javax.swing.JLabel jLabel4;
852 | private javax.swing.JLabel jLabel5;
853 | private javax.swing.JLabel jLabel6;
854 | private javax.swing.JLabel jLabel7;
855 | private javax.swing.JLabel jLabel8;
856 | private javax.swing.JPanel jPanel1;
857 | private javax.swing.JPanel jPanel10;
858 | private javax.swing.JPanel jPanel11;
859 | private javax.swing.JPanel jPanel12;
860 | private javax.swing.JPanel jPanel2;
861 | private javax.swing.JPanel jPanel3;
862 | private javax.swing.JPanel jPanel4;
863 | private javax.swing.JPanel jPanel5;
864 | private javax.swing.JPanel jPanel6;
865 | private javax.swing.JPanel jPanel7;
866 | private javax.swing.JPanel jPanel8;
867 | private javax.swing.JPanel jPanel9;
868 | private javax.swing.JScrollPane jScrollPane1;
869 | private javax.swing.JScrollPane jScrollPane2;
870 | private javax.swing.JSplitPane jSplitPane1;
871 | private javax.swing.JTabbedPane jTabbedPane3;
872 | private javax.swing.JTabbedPane jTabbedPane4;
873 | private javax.swing.JTextArea jTextArea1;
874 | private javax.swing.JTextArea jTextArea2;
875 | private javax.swing.JTextField jTextField1;
876 | private javax.swing.JTextField jTextField2;
877 | private javax.swing.JTextField jTextField3;
878 | private javax.swing.JTextField jTextField4;
879 | private javax.swing.JTextField jTextField5;
880 | private javax.swing.JTextField jTextField6;
881 | private javax.swing.JTextField jTextField7;
882 | // End of variables declaration//GEN-END:variables
883 | }
884 |
--------------------------------------------------------------------------------
/src/main/java/burp/AES_Killer.form:
--------------------------------------------------------------------------------
1 |
2 |
3 |
845 |
--------------------------------------------------------------------------------