GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → c0ny1 → Jsencrypter

c0ny1 / Jsencrypter

一个用于前端加密Fuzz的Burp Suite插件

Programming Languages

java
68154 projects - #9 most used programming language

Labels

fuzz-testing

Projects that are alternatives of or similar to Jsencrypter

Certfuzz
This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
Stars: ✭ 233 (-56.2%)
Mutual labels:  fuzz-testing
tribble
Coverage based JVM Fuzz testing tool.
Stars: ✭ 16 (-96.99%)
Mutual labels:  fuzz-testing
Sqlsmith
A random SQL query generator
Stars: ✭ 343 (-35.53%)
Mutual labels:  fuzz-testing
targets
🎯 A collection of fuzzing targets written in Rust.
Stars: ✭ 91 (-82.89%)
Mutual labels:  fuzz-testing
jest-fuzz
Fuzz testing for jest
Stars: ✭ 24 (-95.49%)
Mutual labels:  fuzz-testing
fuzzuf
Fuzzing Unification Framework
Stars: ✭ 263 (-50.56%)
Mutual labels:  fuzz-testing
Honggfuzz Rs
Fuzz your Rust code with Google-developed Honggfuzz !
Stars: ✭ 222 (-58.27%)
Mutual labels:  fuzz-testing
Awesome Fuzzing
A curated list of awesome Fuzzing(or Fuzz Testing) for software security
Stars: ✭ 399 (-25%)
Mutual labels:  fuzz-testing
OpenXMolar
A MS OpenXML Format Fuzzing Framework
Stars: ✭ 79 (-85.15%)
Mutual labels:  fuzz-testing
Syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+621.99%)
Mutual labels:  fuzz-testing
eslump
Fuzz testing JavaScript parsers and suchlike programs.
Stars: ✭ 56 (-89.47%)
Mutual labels:  fuzz-testing
fuzzr
Fuzz-Test R Functions
Stars: ✭ 19 (-96.43%)
Mutual labels:  fuzz-testing
clusterfuzzlite
ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
Stars: ✭ 315 (-40.79%)
Mutual labels:  fuzz-testing
Grizzly
A cross-platform browser fuzzing framework
Stars: ✭ 234 (-56.02%)
Mutual labels:  fuzz-testing
Burpcrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
Stars: ✭ 350 (-34.21%)
Mutual labels:  fuzz-testing
Trophy Case
🏆 Collection of bugs uncovered by fuzzing Rust code
Stars: ✭ 225 (-57.71%)
Mutual labels:  fuzz-testing
logmap
Log4j jndi injection fuzz tool
Stars: ✭ 60 (-88.72%)
Mutual labels:  fuzz-testing
Jsfuzz
coverage guided fuzz testing for javascript
Stars: ✭ 532 (+0%)
Mutual labels:  fuzz-testing
Elm Test
moved to elm-explorations/test
Stars: ✭ 357 (-32.89%)
Mutual labels:  fuzz-testing
Fuzzdicts
Web Pentesting Fuzz 字典,一个就够了。
Stars: ✭ 4,013 (+654.32%)
Mutual labels:  fuzz-testing
View All Similar Projects ➔

jsEncrypter | 前端加密Fuzz插件

0x01 插件简介

本插件使用phantomjs启动前端加密函数对数据进行加密,方便对加密数据输入点进行fuzz,比如可以使用于前端加密传输爆破等场景。

界面

0x02 插件编译

安装好maven,然后执行以下命令即可编译成功:

mvn package

0x03 插件使用

3.1 运行靶机

项目提供了一个用php编写的靶机(jsEncrypter/server),靶机提供了7个算法对密码进行加密后传输,后台解密,最后进行密码匹配。

  • base64
  • md5
  • sha1
  • sha254
  • sha384
  • sha512
  • RSA

靶机

3.2 编写phantomJS运行脚本

jsEncrypter/js/jsEncrypter_base.js为插件phantomJS脚本模板。我们只需要将实现加密算法的js文件引入模板脚本,并在模板脚本的js_encrypt函数体中完成对加密函数的调用。

...
/* 1.在这引入实现加密所有js文件,注意引入顺序和网页一致 */
loadScript("script-1.js");
loadScript("script-2.js");
loadScript("script-n.js");
/**********************************************/

...

function jsEncrypt(burp_payload){
	var new_payload;
	/* 2.在这里编写调用加密函数进行加密的代码,并把结果赋值给new_payload */

	/*********************************************************/
	return new_payload;
}
...

项目jsEncrypter/server/TestScript目录下是编写好的对应靶机各个加密算法的phantomJS脚本,可以参考!

3.3 运行phantomJS并测试

运行phantomJS

>phantomJS.exe jsEncrypter_sha1.js

测试的目的是为了确保我们编写的phantomJS脚本能够正常加密payload。

运行phantomJS并测试

3.4 抓包暴力破解

抓包暴力破解

0x04 相关文章

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].