The main features are:
- Add a custom tab in read-only on HTTP Request View in order to show the decrypted parameter values
- Add a custom tab in read-write on all HTTP Request sent to Repeater, in order to manipulate the decrypted parameter values on-the-fly
- Automatically identify Insertion Points inside the encrypted parameter when sending the requests to the Active Scanner
- Add a custom Logger View to keep track of all requests (with the related responses) that contain the encrypted parameter, save also the cookies and the AES key used for encrypt/decrypt data
- Add a preference panel in order to customize the parameter name used with JCryption to hold encrypted data, show the current AES key, enable/disable the extension without unload it
- Add custom menu entries, useful to send the requests to Repeater or Active Scanner. You can choose if you keep the original request session or make a new request using the last cookies/AES key saved
- Automatically save and restore extension persistent settings (you can clean up settings by Preferences panel)
- Add support to Export/Import Logger View entries in/from CSV from the Preferences panel
This extension requires Java version 8
Tested against JCryption v2.x and v3.x (the original releases are available here)
|Last updated||14 July 2017|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.