A Burp plugin that wants you to test encrypted traffic as simple and efficient as plaintext
中文 |
Wiki |
Download |
FAQ |
Issue
- Automated decryption of traffic:After writing the custom hook, the plugin will automatically decrypt the traffic of subsequent agents.
- Support Burp multi module:Suitable for multiple modules of Burp, such as Intruder, Proxy, Repeater, and Scanner.
- Linkage with security tools:Support linkage with sqlmap and xray, allowing you to discover potential security vulnerabilities more efficiently.
- ...
- During penetration testing, it was discovered that the website's HTTP packets were encrypted.
- The encryption logic is relatively complex, such as encryption algorithm combinations, custom algorithms, and dynamic keys.
- I want to use a scanner that supports scanning plaintext requests and obtaining plaintext responses after the scanning request is sent.
- I can reverse engineer the encryption and decryption logic of the website (including calling client code through hooks) and have certain code capabilities.
- ...
Auto decryption
After startup, the proxy's request/response is automatically decrypted, and the decrypted request is forwarded to the repeater for sending, resulting in a plaintext response.
Linkage sqlmap
Right click to send the decrypted plaintext request to sqlmap, which can scan the plaintext request and obtain the decrypted response.
Linkage xray
Right click to send the decrypted plaintext request to xray, and xray can scan the plaintext request and obtain the decrypted response.
If this project is helpful to you, please star it.
Download:Download
Install:Extensions -> Add -> Select File -> Next
Build: build.gradle -> shadowJar(gradlew shadowJar)
Precautions:
- Onboarding Guide
- Release precautions for the corresponding version.
- Burp version >=
v2023.10.3.7
Please read FAQ and Historical Issues first. If they cannot be resolved, you can submit an issue
