Another great tool! A universal website password brute-forcing tool

Time:2021-2-4

Author: whw1sfb
Original text: https://www.freebuf.com/secto…
Disclaimer: the tools and test methods mentioned in this article are only for research and learning, please abide by the “network security law” and other relevant laws and regulations.

Web penetration testing has one key test item: password brute forcing.

At present, more and more websites apply various encryption algorithms to the fields of the login interface, and the encoders and hash functions built into Burp Suite are no longer enough to test them. This article introduces a Burp Suite plug-in that supports AES / RSA / DES (to be supported) encryption and can even run the JS of the encryption algorithm directly: BurpCrypto.

Installation

BurpCrypto can be downloaded as a compiled build from its official GitHub page, or you can download the source code and compile it locally. Then add the plug-in to the extension list of Burp Suite.

Usage

After BurpCrypto is installed, a tab named BurpCrypto is added to Burp Suite. Open the tab to reach the settings for each encryption method.

AES encryption

Common encryption plug-ins often provide only one processor. This plug-in is designed with a multi-processor function: you can add several processors and run several Intruder attacks with different encryption methods and keys at the same time.

Select the newly created processor in Intruder.

Next, click Start attack directly.

Find the plaintext corresponding to the ciphertext

Burp Suite has a much-criticized problem: the Intruder results do not show the original payload, that is, the dictionary entry.

The plug-in has a built-in database. For any ciphertext generated by the plug-in, you can use the plug-in's “get plaintext” function to retrieve the original payload.

ExecJS function

The plug-in also provides an alternative for encryption algorithms it does not support. Users can extract the core encryption function from the JS used by the website and, after a little processing, add it to the plug-in.

This demonstration uses a special version of the MD5 algorithm used by a website.

Then add a processor just as in the AES module, and use it in the same way.

The official GitHub of the plug-in is: https://github.com/whwlsfb/Bu…
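Because the encrypted password field of a login interface can be reproduced outside the browser, as this article shows, password guessing has to be caught on the server. The following is an added example, not code from the original article or from the BurpCrypto project: it flags (source, account) pairs that submit many distinct failing password-field values in a short window. Assumptions: the log format, window and threshold are hypothetical, log lines are in time order, and the site's client-side transform is deterministic (fixed key and IV, or an unsalted hash), so a user retyping one wrong password produces one repeated value.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)   # assumed look-back window
THRESHOLD = 5                   # assumed: distinct failing values per window

# Constructed log lines: timestamp, source IP, account, short digest of the
# password field as received (already encrypted client-side), outcome.
SAMPLE_LOG = """\
2021-02-04T10:00:00 203.0.113.9 alice a1f3 FAIL
2021-02-04T10:00:20 203.0.113.9 alice a1f3 FAIL
2021-02-04T10:00:41 203.0.113.9 alice a1f3 FAIL
2021-02-04T10:01:05 203.0.113.9 alice 7c2e OK
2021-02-04T10:02:00 198.51.100.7 admin 0b11 FAIL
2021-02-04T10:02:01 198.51.100.7 admin 3d9a FAIL
2021-02-04T10:02:02 198.51.100.7 admin 58c4 FAIL
2021-02-04T10:02:03 198.51.100.7 admin e07f FAIL
2021-02-04T10:02:04 198.51.100.7 admin 91b6 FAIL
2021-02-04T10:02:05 198.51.100.7 admin c4d2 FAIL
"""

def detect_guessing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return sorted (source, account) pairs that sent `threshold` or more
    distinct failing password-field values inside one sliding window."""
    recent = defaultdict(deque)   # (source, account) -> deque of (time, digest)
    flagged = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed lines
        stamp, source, account, digest, outcome = parts
        if outcome != "FAIL":
            continue
        when = datetime.fromisoformat(stamp)
        events = recent[(source, account)]
        events.append((when, digest))
        while events and when - events[0][0] > window:
            events.popleft()      # drop events older than the window
        # Repeats of one value count once; a dictionary run sends many values.
        if len({d for _, d in events}) >= threshold:
            flagged.add((source, account))
    return sorted(flagged)

if __name__ == "__main__":
    for source, account in detect_guessing(SAMPLE_LOG):
        print(f"possible password guessing: {account} from {source}")
```

The rule works on the opaque field value, so it needs neither the key nor the plaintext. If the transform is randomized (for example RSA with random padding), count failures instead of distinct values.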
