All vulnerabilities mentioned in this article have been fixed and all sensitive information has been redacted. The article is only meant to share experience, so please do not take it as a how-to. Unauthorized attacks are illegal!
0x01 Significance of encryption and decryption
In my current penetration testing work I have found that more and more systems not only focus on fixing vulnerabilities but also encrypt some request parameters to interfere with crawlers or penetration testing.

When I was a beginner and saw the kind of encrypted value shown in the figure below, my first reaction was to try decoding it as base64, and if that failed, to conclude that the system was secure.
In fact these values are AES ciphertext, and they generally look like this:
AAAAA+AAAAA/AAA=
The rule of thumb: the value uses the base64 alphabet and "=" padding like ordinary base64, but it also contains characters such as "+" and "/", which rarely appear when plain text is base64-encoded. That combination means the base64 wraps binary data rather than readable text, and in a web application that usually indicates AES encryption.
0x02 Overview of ciphertext principle
The key to decrypting AES lies in obtaining its parameters: the secret key (KEY) and the initialization vector (IV, usually called the "offset" in front-end code).
However, AES has several modes of operation; the two most common are CBC and ECB.
CBC needs both the key (KEY) and the IV to decrypt.
ECB only needs the key (KEY) to decrypt. Once you have them, you can verify the values with an online AES encryption/decryption tool.
For a detailed explanation of AES, see the following article:
Detailed introduction and implementation of AES encryption algorithm - CSDN blog
0x03 How to locate the position of iv and key
I usually open the F12 developer tools directly and search for the following keyword:
crypt (front-end AES code is almost always built on a crypto library whose name contains this string, so searching for it usually leads to the encryption/decryption function names, typically something like encrypt or decrypt)
If you are not yet confident, simply set breakpoints on every such method.
The debugger will then pause inside the encryption function when the page calls it.
Alternatively, once you have reached the decrypt method, you can call it directly from the console on the encrypted data: pass the encrypted value as the argument, as in decrypt(data) shown above, for example decrypt("AAAA+AAA/AA=").
0x04 AES batch encryption
For batch encryption with AES you can use the Burp plugin BurpCrypto, or, if you would rather encrypt locally, you can use Python.
I wrote the script below; lazy people can just use it.
import base64
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def encrypt_file(input_filename, output_filename, key, iv):
    # AES-CBC with one fixed key/IV for every line, matching what the front end does
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
    with open(input_filename, 'r', encoding='utf-8') as input_file, \
            open(output_filename, 'w', encoding='utf-8') as output_file:
        for line in input_file:
            # Drop the line terminator so it does not become part of the plaintext
            plaintext = line.rstrip('\r\n').encode('utf-8')
            encryptor = cipher.encryptor()  # a fresh encryptor (fresh CBC chain) for each line
            padder = padding.PKCS7(128).padder()  # 128-bit block size
            padded_data = padder.update(plaintext) + padder.finalize()
            encrypted_data = encryptor.update(padded_data) + encryptor.finalize()
            # Base64-encode the ciphertext so it can be pasted straight into a request parameter
            encoded_data = base64.b64encode(encrypted_data).decode('utf-8')
            output_file.write(encoded_data + '\n')  # one ciphertext per line


# Key and IV taken from the front-end code; both must be bytes
key = b'5rer641QMOG9FI62PCfkzB4Rx9B3akti'  # 32 bytes -> AES-256
iv = b'12hOaPl0RDfSx4pJ'  # 16 bytes, the AES block size
input_filename = 'plaintext.txt'
output_filename = 'ciphertext.txt'
encrypt_file(input_filename, output_filename, key, iv)
