Burp Suite User Forum


Packing/Unpacking custom POST data format for Active Scans

Andy | Last updated: Sep 18, 2019 09:57PM UTC

I'm trying to write an extension to test a mobile API endpoint that uses a homebrew message level encryption format. Basically there is a pre-shared AES key between the mobile app and the server, and the JSON POST data gets AES encrypted before the request is sent. I want to transparently decrypt and re-encrypt this data so the active scanner can inject into the encrypted payload. Is this feasible with a scanner or http listener?

Mike, PortSwigger Agent | Last updated: Sep 20, 2019 08:08AM UTC

Hi Andy, I think this is possible, as IHttpListener.processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) is invoked "when an HTTP request is about to be issued, and when an HTTP response has been received." So if you can decrypt & encrypt at those points, you should be able to modify the traffic in both the Scanner & HTTP Listener. Have a go and let us know how you get on, we might be able to help further down the line.
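
A sketch of the listener approach described in the reply above, added here as an example and not code from either poster or from PortSwigger. The wire format (body = 16-byte IV followed by AES-CBC/PKCS5 ciphertext), the placeholder key and the extension name are assumptions, since the thread only says the JSON body is AES-encrypted with a pre-shared key.

```java
package burp;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example. Assumed wire format: body = 16-byte IV || AES-CBC(PKCS5) ciphertext.
public class BurpExtender implements IBurpExtender, IHttpListener {
    // Placeholder key (assumption): replace with the pre-shared key of the app under test.
    private static final byte[] KEY = "0123456789abcdef".getBytes();
    private IBurpExtenderCallbacks cb;
    private IExtensionHelpers helpers;
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        cb = callbacks;
        helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Message-level AES wrapper (example)");
        callbacks.registerHttpListener(this);
    }
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        if (toolFlag != IBurpExtenderCallbacks.TOOL_SCANNER) return; // only rewrite Scanner traffic
        try {
            byte[] raw = messageIsRequest ? messageInfo.getRequest() : messageInfo.getResponse();
            int off = messageIsRequest ? helpers.analyzeRequest(raw).getBodyOffset()
                                       : helpers.analyzeResponse(raw).getBodyOffset();
            byte[] body = Arrays.copyOfRange(raw, off, raw.length);
            if (messageIsRequest && body.length > 0) {
                // The Scanner placed its payload in plaintext JSON; encrypt just before sending.
                messageInfo.setRequest(helpers.buildHttpMessage(helpers.analyzeRequest(raw).getHeaders(), encrypt(body)));
            } else if (!messageIsRequest && body.length > 16 && body.length % 16 == 0) {
                // Decrypt so the Scanner's checks see the plaintext response.
                messageInfo.setResponse(helpers.buildHttpMessage(helpers.analyzeResponse(raw).getHeaders(), decrypt(body)));
            }
        } catch (Exception e) {
            cb.printError("AES wrapper left message unchanged: " + e); // e.g. unencrypted error page
        }
    }
    private static byte[] encrypt(byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, 16 + ct.length); // IV first, ciphertext after it
        System.arraycopy(ct, 0, out, 16, ct.length);
        return out;
    }
    private static byte[] decrypt(byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(data, 0, 16));
        return c.doFinal(data, 16, data.length - 16);
    }
}
```

This only helps if the base request handed to the Scanner already carries the decrypted JSON body, because insertion points are derived from that base request. buildHttpMessage recalculates Content-Length for the new body.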
