一、微信小程序批量加解密脚本
sessionkey.py,脚本如下:
#!python
#!/usr/bin/env python
# -*- coding:utf-8 -*-
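# 依赖安装:推荐只安装 pycryptodome,它是仍在维护的实现,直接提供 Crypto 命名空间
# 原作者的做法:下面三个挨个安装试试,记得把包名crypto的c改为大写C
# 注意:pycrypto 已停止维护;PyPI 上名为 crypto 的包并不是这里用到的 AES 库
# python3 -m pip install Crypto
# python3 -m pip install pycryptodome
# python3 -m pip install pycrypto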
import base64
from Crypto.Cipher import AES
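def decrypt(enStr, key, iv):
    """Decrypt AES-CBC ciphertext and strip its PKCS#7 padding.

    Args:
        enStr: Raw ciphertext bytes (already base64-decoded).
        key: Raw AES key bytes.
        iv: Raw 16-byte initialisation vector.

    Returns:
        The plaintext bytes without the trailing padding.

    Raises:
        ValueError: If the decrypted data does not end in well-formed
            PKCS#7 padding. The usual causes are a wrong key or IV, or a
            truncated/corrupted ciphertext.
    """
    cipher = AES.new(key, AES.MODE_CBC, iv)
    msg = cipher.decrypt(enStr)

    # The previous version computed the padding length but returned the
    # padded buffer, so callers got trailing \x01..\x10 bytes appended to
    # the JSON. Validate the padding before trusting its length byte.
    paddingLen = msg[-1] if msg else 0
    if not 1 <= paddingLen <= 16 or not msg.endswith(bytes([paddingLen]) * paddingLen):
        raise ValueError(
            "invalid PKCS#7 padding: wrong key/iv or corrupted ciphertext"
        )

    # NOTE: CBC carries no integrity protection. Valid padding does not prove
    # the data is authentic; a consumer should still check the payload
    # itself (for example the watermark appid shown in the sample data).
    return msg[:-paddingLen]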
def decryptData(encryptedData, iv, sessionKey):
    """Base64-decode the three mini-program fields and decrypt the payload.

    Args:
        encryptedData: Base64 text of the AES-CBC ciphertext.
        iv: Base64 text of the initialisation vector.
        sessionKey: Base64 text of the AES key (the session key).

    Returns:
        Whatever ``decrypt`` returns for the decoded inputs.
    """
    # The session key is the only secret here; anyone holding it can read and
    # re-encrypt these payloads, so it should never be exposed client-side.
    raw_iv, raw_ciphertext, raw_key = map(
        base64.b64decode, (iv, encryptedData, sessionKey)
    )
    return decrypt(raw_ciphertext, raw_key, raw_iv)
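def encrypt(str, key, iv):
    """AES-CBC encrypt text with PKCS#7 padding and return base64 text.

    Args:
        str: Plaintext to encrypt. Text is encoded as UTF-8; bytes are
            accepted as-is. (The parameter name shadows the builtin and is
            kept only for compatibility with existing callers.)
        key: Raw AES key bytes.
        iv: Raw 16-byte initialisation vector.

    Returns:
        The ciphertext as a base64-encoded ``str``.
    """
    # Pad the encoded BYTES, not the character count. The earlier version
    # padded on len(text), so any non-ASCII character (e.g. a Chinese
    # nickname) produced a byte length that was not a multiple of 16 and
    # cipher.encrypt() raised.
    data = str if isinstance(str, bytes) else str.encode()

    # PKCS#7 always adds 1..16 bytes, each holding the pad length.
    pad_len = 16 - (len(data) % 16)
    data += bytes([pad_len]) * pad_len

    cipher = AES.new(key, AES.MODE_CBC, iv)
    return base64.b64encode(cipher.encrypt(data)).decode()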
def encryptData(decryptedData, iv, sessionKey):
    """Base64-decode the IV and session key, then encrypt the plaintext.

    Args:
        decryptedData: Plaintext to encrypt.
        iv: Base64 text of the initialisation vector.
        sessionKey: Base64 text of the AES key (the session key).

    Returns:
        Whatever ``encrypt`` returns for the decoded key material.
    """
    # If ciphertext produced here is accepted by a server, the session key
    # has leaked to the client side; the server must not trust such data.
    raw_iv, raw_key = map(base64.b64decode, (iv, sessionKey))
    return encrypt(decryptedData, raw_key, raw_iv)
if __name__ == '__main__':
    # Sample inputs from the article. The ciphertext looks partly redacted
    # (it ends in "xxxxx="), so it may not decode as published; substitute
    # values captured during an authorised test.
    sample_iv = "RnRcVD06wXcEXL7tMfP4Rw=="
    sample_session_key = "zmIcC3Qxu8sNY20LgPx/bA=="
    sample_ciphertext = "1F2Fjcg/0gKTWyMjdS87nuG8yiW0E7iI+mhMUPUR0f3YOXzzWGrm++CLboYcVzJuzqDpP7XIRyz60OMTOJ9cCmWWp3Hn93Bs2EQAyW3hQl1l/NfbNXPjHBqY6p04fym5E2i8eMC+kQRUVuz6iDEKD/H9vqfpV1ZMc2t5xxxxxx="

    plaintext = decryptData(sample_ciphertext, sample_iv, sample_session_key)
    print(plaintext)

    # Re-encryption example (left disabled, as in the original):
    # data = '{"phoneNumber":"1812195xxxx","purePhoneNumber":"1812195xxxx","countryCode":"86","watermark":{"timestamp":1665392213,"appid":"wx2ae2c7ebf978fxxxxx"}}'
    # print(encryptData(data, sample_iv, sample_session_key))
二、burp插件改造版
Burp插件,不能使用burp2.x的破解版(主要因为自带了java环境)
我们使用burp1.7x版本,会调用本地的java1.8,因为java环境没有自带AES/CBC/PKCS7Padding包,所以需要更改下本地java环境
1.在 jdk安装目录中(%JAVA_HOME%\jre\lib\ext)添加 jar 包 bcprov-jdk16-1.46.jar
2.在 jdk安装目录下( %JAVA_HOME%\jre\lib\security )修改 java.security 文件,将第74行(我的是在74行)的 security.provider.7=com.sun.security.sasl.Provider 替换为 security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider(注意:这样会去掉原有的 SASL provider;也可以保留原有条目,在列表末尾按下一个序号追加 BouncyCastle。建议只在专门用于测试的 JRE 上做此修改。)
3. burp安装插件脚本
miniprogram.py:
#!python
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import base64
from java.util import Base64
from java.lang import String
from javax.crypto import Cipher
from javax.crypto.spec import IvParameterSpec, SecretKeySpec
from java.security import *
from burp import IBurpExtender, IProxyListener
from burp import IBurpExtender, ITab
from java.awt import Container,Dimension,Rectangle,Toolkit
from javax.swing import SwingConstants
from javax.swing import JPanel
from javax.swing import JButton
from javax.swing import JTextField
from javax.swing import JLabel
from javax.swing import JTextArea
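class BurpExtender(IBurpExtender, ITab):
    """Burp Suite tab for AES-CBC decrypting/encrypting mini-program payloads.

    The tab has two text fields (base64 session key and base64 IV) and two
    text areas. "Decrypto >" decrypts the left area into the right one;
    "< Crypto" encrypts the right area back into the left one.

    The session key typed into the tab is a secret: this class never prints
    or logs it, and changes should keep it that way.
    """

    # The "BC" provider must be registered in the JRE that runs Burp.
    # NOTE: for AES (16-byte blocks) the JDK's built-in
    # "AES/CBC/PKCS5Padding" yields the same padding, which would avoid
    # modifying the JRE; the original transformation is kept here.
    _TRANSFORMATION = "AES/CBC/PKCS7Padding"
    _PROVIDER = "BC"

    def registerExtenderCallbacks(self, callbacks):
        """Build the UI and register this extension as a suite tab."""
        self._cb = callbacks
        self._hp = callbacks.getHelpers()
        self._cb.setExtensionName('MiniProgram Decrypto')
        print 'successful!'

        self.mainPanel = JPanel()

        self.sessionKey = JLabel("sessionKey:")
        self.sessionKey.setHorizontalAlignment(SwingConstants.LEFT)
        self.iv = JLabel("iv:")
        self.tfsessionKey = JTextField(50)
        self.tfiv = JTextField(50)

        # Left area: ciphertext (base64). Right area: plaintext.
        self.textAreaPlaintext = JTextArea(30, 40)
        self.textAreaPlaintext.setLineWrap(True)
        self.textAreaPlaintext2 = JTextArea(30, 40)
        self.textAreaPlaintext2.setLineWrap(True)

        self.DecryptoBtn = JButton('Decrypto >', actionPerformed=self.decrypto_onClick)
        self.CryptoBtn = JButton('< Crypto', actionPerformed=self.encrypto_onClick)

        # The add order determines the on-screen layout; keep it as is.
        self.mainPanel.add(self.sessionKey)
        self.mainPanel.add(self.tfsessionKey)
        self.mainPanel.add(self.iv)
        self.mainPanel.add(self.tfiv)
        self.mainPanel.add(self.textAreaPlaintext)
        self.mainPanel.add(self.CryptoBtn)
        self.mainPanel.add(self.DecryptoBtn)
        self.mainPanel.add(self.textAreaPlaintext2)

        self._cb.customizeUiComponent(self.mainPanel)
        self._cb.addSuiteTab(self)

    def decrypto_onClick(self, event):
        """Decrypt the left text area and show the plaintext on the right."""
        # Java exceptions are not subclasses of Python's Exception under
        # Jython, so both are caught explicitly.
        from java.lang import Exception as JavaException

        session_key = self.tfsessionKey.getText()
        iv = self.tfiv.getText()
        payload = self.textAreaPlaintext.getText().rstrip()
        try:
            plaintext = self.decrypto(payload, session_key, iv)
        except (Exception, JavaException) as err:
            # Surface the failure (bad base64, wrong key/IV, bad padding) in
            # the tab instead of leaving an empty output area.
            plaintext = "[decrypt failed] %s" % err
        self.textAreaPlaintext2.setText(plaintext)

    def encrypto_onClick(self, event):
        """Encrypt the right text area and show base64 ciphertext on the left."""
        from java.lang import Exception as JavaException

        session_key = self.tfsessionKey.getText()
        iv = self.tfiv.getText()
        payload = self.textAreaPlaintext2.getText().rstrip()
        try:
            ciphertext = String(self.encrypto(payload, session_key, iv), "UTF-8")
        except (Exception, JavaException) as err:
            ciphertext = "[encrypt failed] %s" % err
        self.textAreaPlaintext.setText(ciphertext)

    def getTabCaption(self):
        """Return the caption shown on the suite tab."""
        return 'MiniProgram Decrypto'

    def getUiComponent(self):
        """Return the Swing component rendered inside the tab."""
        return self.mainPanel

    def _new_cipher(self, mode, key, iv):
        """Create an initialised AES-CBC cipher from base64 key and IV text."""
        aesKey = SecretKeySpec(base64.b64decode(key), "AES")
        aesIV = IvParameterSpec(base64.b64decode(iv))
        cipher = Cipher.getInstance(self._TRANSFORMATION, self._PROVIDER)
        cipher.init(mode, aesKey, aesIV)
        return cipher

    def encrypto(self, payload, key, iv):
        """Encrypt ``payload`` and return the base64 ciphertext as a byte array.

        ``key`` and ``iv`` are base64 text. The payload is encoded as UTF-8
        explicitly so that non-ASCII text is encrypted the same way on every
        platform, rather than relying on implicit string-to-bytes coercion.
        """
        cipher = self._new_cipher(Cipher.ENCRYPT_MODE, key, iv)
        encrypted = cipher.doFinal(String(payload).getBytes("UTF-8"))
        return Base64.getEncoder().encode(encrypted)

    def decrypto(self, payload, key, iv):
        """Decrypt base64 ``payload`` and return the plaintext as a Java String.

        ``key`` and ``iv`` are base64 text. The earlier version ran doFinal()
        twice and also wrote the result into the output area itself, so the
        click handler displayed the plaintext twice. This method now only
        returns the value. Bytes are decoded as UTF-8 instead of the platform
        default charset.
        """
        decoded = base64.b64decode(payload)
        cipher = self._new_cipher(Cipher.DECRYPT_MODE, key, iv)
        return String(cipher.doFinal(decoded), "UTF-8")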
批量加解密脚本,请回复公众号“小程序批量脚本”,即可获取附件
原文始发于微信公众号(渗透测试研究中心):小程序加解密合集
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。