c0ny1 / Jsencrypter
一个用于前端加密Fuzz的Burp Suite插件
Stars: ✭ 532
Programming Languages
java
68154 projects - #9 most used programming language
Labels
Projects that are alternatives of or similar to Jsencrypter
Certfuzz
This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
Stars: ✭ 233 (-56.2%)
Mutual labels: fuzz-testing
targets
🎯 A collection of fuzzing targets written in Rust.
Stars: ✭ 91 (-82.89%)
Mutual labels: fuzz-testing
Honggfuzz Rs
Fuzz your Rust code with Google-developed Honggfuzz !
Stars: ✭ 222 (-58.27%)
Mutual labels: fuzz-testing
Awesome Fuzzing
A curated list of awesome Fuzzing(or Fuzz Testing) for software security
Stars: ✭ 399 (-25%)
Mutual labels: fuzz-testing
Syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+621.99%)
Mutual labels: fuzz-testing
eslump
Fuzz testing JavaScript parsers and suchlike programs.
Stars: ✭ 56 (-89.47%)
Mutual labels: fuzz-testing
clusterfuzzlite
ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
Stars: ✭ 315 (-40.79%)
Mutual labels: fuzz-testing
Burpcrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
Stars: ✭ 350 (-34.21%)
Mutual labels: fuzz-testing
Trophy Case
🏆 Collection of bugs uncovered by fuzzing Rust code
Stars: ✭ 225 (-57.71%)
Mutual labels: fuzz-testing
jsEncrypter | 前端加密Fuzz插件
0x01 插件简介
本插件使用phantomjs
启动前端加密函数对数据进行加密,方便对加密数据输入点进行fuzz,比如可以使用于前端加密传输爆破等场景。
0x02 插件编译
安装好maven,然后执行以下命令即可编译成功:
mvn package
0x03 插件使用
3.1 运行靶机
项目提供了一个用php编写的靶机(jsEncrypter/server),靶机提供了7个算法对密码进行加密后传输,后台解密,最后进行密码匹配。
- base64
- md5
- sha1
- sha254
- sha384
- sha512
- RSA
3.2 编写phantomJS运行脚本
jsEncrypter/js/jsEncrypter_base.js
为插件phantomJS脚本模板。我们只需要将实现加密算法的js文件引入模板脚本,并在模板脚本的js_encrypt函数体中完成对加密函数的调用。
...
/* 1.在这引入实现加密所有js文件,注意引入顺序和网页一致 */
loadScript("script-1.js");
loadScript("script-2.js");
loadScript("script-n.js");
/**********************************************/
...
function jsEncrypt(burp_payload){
var new_payload;
/* 2.在这里编写调用加密函数进行加密的代码,并把结果赋值给new_payload */
/*********************************************************/
return new_payload;
}
...
项目jsEncrypter/server/TestScript目录下是编写好的对应靶机各个加密算法的phantomJS脚本,可以参考!
3.3 运行phantomJS并测试
运行phantomJS
>phantomJS.exe jsEncrypter_sha1.js
测试的目的是为了确保我们编写的phantomJS脚本能够正常加密payload。
3.4 抓包暴力破解
0x04 相关文章
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].