v3.0

Ebryx · Nov 1, 2018 · 4f8d8c0 · 4f8d8c0
1 parent 4d3d91d
commit 4f8d8c0
Show file tree

Hide file tree

Showing 18 changed files with 333 additions and 234 deletions.
diff --git a/build/built-jar.properties b/build/built-jar.properties
@@ -1,4 +1,4 @@
-#Mon, 01 Oct 2018 17:26:17 +0500
+#Thu, 01 Nov 2018 20:30:25 +0500
 
 
-C\:\\Users\\abdul.wahab\\Documents\\Git\ Projects\\AES\ Killer=
+D\:\\Backup\\Git\ Projects\\AES-Killer=
diff --git a/build/classes/burp/BurpExtender.class b/build/classes/burp/BurpExtender.class
diff --git a/build/classes/burp/MainPanel$1.class b/build/classes/burp/MainPanel$1.class
diff --git a/build/classes/burp/MainPanel$10.class b/build/classes/burp/MainPanel$10.class
diff --git a/build/classes/burp/MainPanel$2.class b/build/classes/burp/MainPanel$2.class
diff --git a/build/classes/burp/MainPanel$3.class b/build/classes/burp/MainPanel$3.class
diff --git a/build/classes/burp/MainPanel$4.class b/build/classes/burp/MainPanel$4.class
diff --git a/build/classes/burp/MainPanel$5.class b/build/classes/burp/MainPanel$5.class
diff --git a/build/classes/burp/MainPanel$6.class b/build/classes/burp/MainPanel$6.class
diff --git a/build/classes/burp/MainPanel$7.class b/build/classes/burp/MainPanel$7.class
diff --git a/build/classes/burp/MainPanel$8.class b/build/classes/burp/MainPanel$8.class
diff --git a/build/classes/burp/MainPanel$9.class b/build/classes/burp/MainPanel$9.class
diff --git a/build/classes/burp/MainPanel.class b/build/classes/burp/MainPanel.class
diff --git a/dist/AES_Killer.jar b/dist/AES_Killer.jar
diff --git a/nbproject/private/private.xml b/nbproject/private/private.xml
@@ -2,6 +2,9 @@
 <project-private xmlns="http://www.netbeans.org/ns/project-private/1">
     <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/2" lastBookmarkId="0"/>
     <open-files xmlns="http://www.netbeans.org/ns/projectui-open-files/2">
-        <group/>
+        <group>
+            <file>file:/D:/Backup/Git%20Projects/AES-Killer/src/burp/BurpExtender.java</file>
+            <file>file:/D:/Backup/Git%20Projects/AES-Killer/src/burp/MainPanel.java</file>
+        </group>
     </open-files>
 </project-private>
diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java
@@ -60,78 +60,38 @@ public Component getUiComponent() {
         return this.myPanel;
     }
 
-    @Override
-    public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
-        if (messageIsRequest){
-            IHttpRequestResponse messageInfo = message.getMessageInfo();
-            IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
-            List headers = reqInfo.getHeaders();
-            String request = new String(messageInfo.getRequest());
-            String URL = new String(reqInfo.getUrl().toString());
-            if (URL.contains(this.reqURL)){
-                String messageBody = request.substring(reqInfo.getBodyOffset());                
-                if ( !this.reqParameter.equals("") && messageBody.startsWith(this.reqParameter)){
-                    String arr[] = messageBody.split(this.reqParameter);
-                    messageBody = arr[1].substring(0, arr[1].length()-1);
-                }
-                messageBody = removeNull(messageBody);
-                if(this.isOffusicated){messageBody = removeOff(messageBody);}
-                messageBody = doDecrypt(messageBody);
-                byte[] updateMessage = helpers.buildHttpMessage(headers, messageBody.getBytes());
-                messageInfo.setRequest(updateMessage);
-            }
-
-        }
-        else {
-
-            if (this.decResponse != true){
-                return;
-            }
-            IHttpRequestResponse messageInfo = message.getMessageInfo();
-            IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
-            String URL = new String(reqInfo.getUrl().toString());
-            if (URL.contains(this.reqURL)){
-                IResponseInfo resInfo = helpers.analyzeResponse(messageInfo.getResponse());
-                List headers = resInfo.getHeaders();
-                String response = new String(messageInfo.getResponse());
-                String params = new String(response.substring(resInfo.getBodyOffset()));
-                try{
-                    params = doDecrypt(params);
-                    byte[] updateMessage = helpers.buildHttpMessage(headers, params.getBytes());
-                    messageInfo.setResponse(updateMessage);
-                }
-                catch (Exception ex) {
-                    stdout.println( params.length() + ": Exception Here");
-                }
-            }
-        }
-    }
-
-    public String doEncrypt(String paramString){
+    public String doEncrypt(String paramString, Boolean doOffFlag){
         try{
+            String temp_params = paramString;
             cipher.init(1, sec_key ,iv_param);
-            paramString = new String (Base64.getEncoder().encodeToString(cipher.doFinal(paramString.getBytes())));
-            return paramString;
+            temp_params = new String (Base64.getEncoder().encodeToString(cipher.doFinal(temp_params.getBytes())));
+            if(doOffFlag && this.isOffusicated){temp_params = this.doOff(temp_params);}
+            return temp_params;
         }catch(Exception ex){
-            return null;
+            return paramString;
         }
     }
-
+        
     public String doDecrypt(String paramString){
         try{
+            String temp_params = paramString;
             cipher.init(2, sec_key ,iv_param);
-            paramString = new String (cipher.doFinal(Base64.getDecoder().decode(paramString)));
-            return paramString;
+            if(this.isOffusicated){
+                temp_params = this.removeNull(temp_params);
+                temp_params = this.removeOff(temp_params);
+            }
+            temp_params = new String (cipher.doFinal(Base64.getDecoder().decode(temp_params)));
+            return temp_params;
         }catch(Exception ex){
-            return null;
+            return paramString;
         }
     }
 
     public String removeNull(String paramString){
         if (paramString != null) {
           return paramString.replace("%0A", "").replace("%2C","");
         }
-        return null;
+        return paramString;
     }
 
     public String removeOff(String paramString)
@@ -140,10 +100,9 @@ public String removeOff(String paramString)
           for(int i =0; i< this.offusicatedChar.length; i++){
               paramString = paramString.replace(this.replaceWithChar[i], this.offusicatedChar[i]);
           }
-//          return paramString.replace("-", "+").replace("_", "/").replace(",", "=");
           return paramString;
         }
-        return null;
+        return paramString;
     }
 
     public String doOff(String paramString)
@@ -152,28 +111,86 @@ public String doOff(String paramString)
           for(int i =0; i< this.offusicatedChar.length; i++){
               paramString = paramString.replace(this.offusicatedChar[i], this.replaceWithChar[i]);
           }
-//          return paramString.replace("+", "-").replace("/", "_").replace("=", ",");
           return paramString;
         }
-        return null;
+        return paramString;
     }
-
+    
     @Override
-    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
+    public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
         if (messageIsRequest){
+            IHttpRequestResponse messageInfo = message.getMessageInfo();
             IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
             List headers = reqInfo.getHeaders();
             String request = new String(messageInfo.getRequest());
             String URL = new String(reqInfo.getUrl().toString());
-            if (URL.contains(this.reqURL)){
-                String messageBody = request.substring(reqInfo.getBodyOffset());                
+            if (URL.contains(this.reqURL) && reqInfo.getMethod().toLowerCase().contains("post")){
+                if(reqInfo.getParameters().size() > 2){ return; }
+                String messageBody = new String(request.substring(reqInfo.getBodyOffset())).trim();
+//                this.stdout.println("PPM :: request :: " + messageBody);
                 if ( !this.reqParameter.equals("") && messageBody.startsWith(this.reqParameter)){
                     String arr[] = messageBody.split(this.reqParameter);
                     messageBody = arr[1].substring(0, arr[1].length()-1);
                 }
-                messageBody = removeNull(messageBody);
-                if(this.isOffusicated){messageBody = removeOff(messageBody);}
-                messageBody = doDecrypt(messageBody);
+
+                try{
+                    messageBody = doDecrypt(messageBody);
+//                    this.stdout.println("PPM :: dec --> request :: " + messageBody);
+                    byte[] updateMessage = helpers.buildHttpMessage(headers, messageBody.getBytes());
+                    messageInfo.setRequest(updateMessage);
+                }catch(Exception ex){
+                    stdout.println( messageBody + " :: Exception Here :: processProxyMessage request \n --> " + ex + "\n\n");
+                }
+
+            }
+
+        }
+        else {
+
+            if (this.decResponse != true){
+                return;
+            }
+            IHttpRequestResponse messageInfo = message.getMessageInfo();
+            IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
+            String URL = new String(reqInfo.getUrl().toString());
+            if (URL.contains(this.reqURL)  && reqInfo.getMethod().toLowerCase().contains("post")){ 
+                IResponseInfo resInfo = helpers.analyzeResponse(messageInfo.getResponse());
+                List headers = resInfo.getHeaders(); 
+                String response = new String(messageInfo.getResponse());
+                String params = new String(response.substring(resInfo.getBodyOffset())).trim();
+                try{
+//                    this.stdout.println("PPM :: before enc :: " + params);
+                    params = doEncrypt(params, false);
+                    if ( !this.resPrarameter.equals("")){
+                        params = this.resPrarameter + params;
+                    }
+//                    this.stdout.println("PPM :: after enc :: " + params);
+                    byte[] updateMessage = helpers.buildHttpMessage(headers, params.getBytes());
+                    messageInfo.setResponse(updateMessage);
+                }
+                catch (Exception ex) {
+                    stdout.println( params + ": Exception Here :: processProxyMessage response \n" + ex + "\n\n");
+                }
+            }
+        }
+    }
+
+
+
+    @Override
+    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
+        if (messageIsRequest){
+            IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
+            List headers = reqInfo.getHeaders();
+            String request = new String(messageInfo.getRequest());
+            String URL = new String(reqInfo.getUrl().toString());
+            if (URL.contains(this.reqURL) && reqInfo.getMethod().toLowerCase().contains("post")){
+                if(reqInfo.getParameters().size() > 2){ return; }
+                String messageBody = request.substring(reqInfo.getBodyOffset()).trim();                
+//                this.stdout.println( "PHM :: before enc :: " + messageBody);
+                messageBody = doEncrypt(messageBody, true);
+                messageBody = "params=" + messageBody;
+//                this.stdout.println( "PHM :: after enc :: " + messageBody);
                 byte[] updateMessage = helpers.buildHttpMessage(headers, messageBody.getBytes());
                 messageInfo.setRequest(updateMessage);
             }
@@ -184,20 +201,27 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
             if (this.decResponse != true){
                 return;
             }
+//            this.stdout.println("----- response -----");
             IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
             String URL = new String(reqInfo.getUrl().toString());
-            if (URL.contains(this.reqURL)){
+            if (URL.contains(this.reqURL) && reqInfo.getMethod().toLowerCase().contains("post")){
                 IResponseInfo resInfo = helpers.analyzeResponse(messageInfo.getResponse());
                 List headers = resInfo.getHeaders();
                 String response = new String(messageInfo.getResponse());
-                String params = new String(response.substring(resInfo.getBodyOffset()));
+                String params = new String(response.substring(resInfo.getBodyOffset())).trim();
                 try{
+                    if ( !this.resPrarameter.equals("") && params.startsWith(this.resPrarameter)){
+                        String arr[] = params.split(this.resPrarameter);
+                        params = arr[1].substring(0, arr[1].length()-1);
+                    }
+//                    this.stdout.println("PHM :: before dec :: " + params);
                     params = doDecrypt(params);
+//                    this.stdout.println("PHM :: after dec :: " + params);
                     byte[] updateMessage = helpers.buildHttpMessage(headers, params.getBytes());
                     messageInfo.setResponse(updateMessage);
                 }
                 catch (Exception ex) {
-                    stdout.println( params.length() + ": Exception Here");
+                    stdout.println( params.length() + ": Exception Here :: processHttpMessage response");
                 }
             }
         }