JCryption Handler

This extension provides a way to perform manual and/or automatic Security Assessment for Web Applications that using JCryption JavaScript library to encrypt data sent through HTTP methods (GET and POST).

The main features are:

• Hijacking the JCryption JavaScript library in order to retrieve automatically the AES key (every time it is generated), used for encrypt form data
• Add a custom tab in read-only on HTTP Request View in order to show the decrypted parameter values
• Add a custom tab in read-write on all HTTP Request sent to Repeater, in order to manipulate the decrypted parameter values on-the-fly
• Automatically identify Insertion Points inside the encrypted parameter when sending the requests to the Active Scanner
• Add a custom Logger View to keep track of all requests (with the related responses) that contain the encrypted parameter, save also the cookies and the AES key used for encrypt/decrypt data
• Add a preference panel in order to customize the parameter name used with JCryption to hold encrypted data, show the current AES key, enable/disable the extension without unload it
• Add custom menu entries, useful to send the requests to Repeater or Active Scanner. You can choose if you keep the original request session or make a new request using the last cookies/AES key saved
• Automatically save and restore extension persistent settings (you can clean up settings by Preferences panel)
• Add support to Export/Import Logger View entries in/from CSV from the Preferences panel

This extension requires Java version 8

Tested against JCryption v2.x and v3.x (the original releases are available here)