Burp与Python深度联动：AES加密数据自动化处理实战指南<\/h1>

一、核心场景与需求分析<\/h2>

在渗透测试过程中，经常会遇到API数据采用AES加密传输的场景，这给安全测试带来了挑战。主要需求包括：<\/p>

密文实时解析<\/strong>：能够快速解密Burp拦截的加密请求体，以便分析业务逻辑<\/li>
加解密流程闭环<\/strong>：实现从请求加密发送到响应解密验证的全链路自动化<\/li>

密钥动态管理<\/strong>：支持多种密钥加载方式（硬编码、环境变量等）<\/li> <\/ol>
二、AES解密核心算法实现<\/h2>
1. 基础解密函数设计<\/h3>
from<\/span> Crypto.Cipher import<\/span> AES <\/span><\/span>from<\/span> Crypto.Util.Padding import<\/span> unpad <\/span><\/span>import<\/span> base64 <\/span><\/span> <\/span><\/span># 密钥定义：16字节HEX字符串转字节(AES-128)<\/span> <\/span><\/span>AES_KEY =<\/span> bytes.<\/span>fromhex('E2842C540F0810C3F11F42427F48A3DE'<\/span>) <\/span><\/span> <\/span><\/span>def<\/span> aes_ecb_decrypt<\/span>(ciphertext: str, key: bytes) -><\/span> str: <\/span><\/span> """ <\/span><\/span><\/span> ECB模式AES解密(含Base64解码与PKCS7去填充) <\/span><\/span><\/span> :param ciphertext: Base64编码的密文字符串 <\/span><\/span><\/span> :param key: 16\/24\/32字节的AES密钥(字节类型) <\/span><\/span><\/span> :return: 解密后的明文字符串 <\/span><\/span><\/span> """<\/span> <\/span><\/span> # 1. Base64解码密文<\/span> <\/span><\/span> cipher_bytes =<\/span> base64.<\/span>b64decode(ciphertext) <\/span><\/span> <\/span><\/span> # 2. 创建ECB模式解密器<\/span> <\/span><\/span> cipher =<\/span> AES.<\/span>new(key, AES.<\/span>MODE_ECB) <\/span><\/span> <\/span><\/span> # 3. 执行解密<\/span> <\/span><\/span> decrypted_bytes =<\/span> cipher.<\/span>decrypt(cipher_bytes) <\/span><\/span> <\/span><\/span> # 4. 去除PKCS7填充<\/span> <\/span><\/span> plaintext_bytes =<\/span> unpad(decrypted_bytes, AES.<\/span>block_size) <\/span><\/span> <\/span><\/span> # 5. 字节转UTF-8字符串<\/span> <\/span><\/span> return<\/span> plaintext_bytes.<\/span>decode('utf-8'<\/span>) <\/span><\/span> <\/span><\/span># 示例解密调用<\/span> <\/span><\/span>sample_cipher =<\/span> "zWJLUIlnTNe4SnZqvnk0BbS1WHyi8AxZnCyFw1VuZ+vuKMHczygw6a9Owd89Dl6NNAobn\/zkWw4BFDQVLX0uUg=="<\/span> <\/span><\/span>print(f<\/span>"原始密文: <\/span>{<\/span>sample_cipher}<\/span>"<\/span>) <\/span><\/span>print(f<\/span>"解密结果: <\/span>{<\/span>aes_ecb_decrypt(sample_cipher, AES_KEY)}<\/span>"<\/span>) <\/span><\/span><\/code><\/pre>2. 关键技术点解析<\/h3> ECB模式特性<\/strong>：<\/p> 相同明文块生成相同密文块，存在模式缺陷<\/li> 适合单次短数据解密，如API参数解密<\/li> 实际应用中需验证是否为弱加密场景<\/li> <\/ul> <\/li> 填充算法<\/strong>：<\/p> 使用unpad<\/code>自动处理PKCS7填充，兼容标准加密接口<\/li> 若服务端使用非标准填充(如ISO 10126)，需自定义去填充逻辑<\/li> <\/ul> <\/li> <\/ol> 三、Burp联动框架封装<\/h2> 1. 全功能加解密类设计<\/h3> import<\/span> json <\/span><\/span>from<\/span> Crypto.Cipher import<\/span> AES <\/span><\/span>from<\/span> Crypto.Util.Padding import<\/span> pad, unpad <\/span><\/span>import<\/span> base64 <\/span><\/span> <\/span><\/span>class<\/span> BurpAESHandler<\/span>: <\/span><\/span> def<\/span> __init__(self, key: str =<\/span> None<\/span>): <\/span><\/span> """ <\/span><\/span><\/span> 初始化AES处理器 <\/span><\/span><\/span> :param key: 16\/24\/32字节HEX格式密钥(默认使用硬编码密钥) <\/span><\/span><\/span> """<\/span> <\/span><\/span> self.<\/span>key =<\/span> bytes.<\/span>fromhex(key) if<\/span> key else<\/span> AES_KEY <\/span><\/span> <\/span><\/span> def<\/span> encrypt_request<\/span>(self, header: dict, body: dict) -><\/span> tuple: <\/span><\/span> """ <\/span><\/span><\/span> 加密HTTP请求体(JSON转AES加密) <\/span><\/span><\/span> :param header: HTTP请求头字典 <\/span><\/span><\/span> :param body: 请求体字典 <\/span><\/span><\/span> :return: (加密后的请求头, 加密后的请求体) <\/span><\/span><\/span> """<\/span> <\/span><\/span> # 1. 序列化请求体为JSON字符串<\/span> <\/span><\/span> json_body =<\/span> json.<\/span>dumps(body) <\/span><\/span> <\/span><\/span> # 2. 创建AES加密器(ECB模式)<\/span> <\/span><\/span> cipher =<\/span> AES.<\/span>new(self.<\/span>key, AES.<\/span>MODE_ECB) <\/span><\/span> <\/span><\/span> # 3. 填充并加密数据<\/span> <\/span><\/span> padded_data =<\/span> pad(json_body.<\/span>encode('utf-8'<\/span>), AES.<\/span>block_size) <\/span><\/span> encrypted_bytes =<\/span> cipher.<\/span>encrypt(padded_data) <\/span><\/span> <\/span><\/span> # 4. Base64编码加密结果<\/span> <\/span><\/span> encrypted_body =<\/span> base64.<\/span>b64encode(encrypted_bytes).<\/span>decode('utf-8'<\/span>) <\/span><\/span> <\/span><\/span> # 5. 更新请求头(Content-Type等)<\/span> <\/span><\/span> new_header =<\/span> header.<\/span>copy() <\/span><\/span> new_header['Content-Type'<\/span>] =<\/span> 'application\/aes-encrypted'<\/span> <\/span><\/span> <\/span><\/span> return<\/span> new_header, encrypted_body <\/span><\/span> <\/span><\/span> def<\/span> decrypt_response<\/span>(self, encrypted_response: str) -><\/span> dict: <\/span><\/span> """ <\/span><\/span><\/span> 解密HTTP响应体 <\/span><\/span><\/span> :param encrypted_response: 加密的响应体(Base64格式) <\/span><\/span><\/span> :return: 解密后的JSON字典 <\/span><\/span><\/span> """<\/span> <\/span><\/span> # 1. Base64解码<\/span> <\/span><\/span> cipher_bytes =<\/span> base64.<\/span>b64decode(encrypted_response) <\/span><\/span> <\/span><\/span> # 2. 创建AES解密器<\/span> <\/span><\/span> cipher =<\/span> AES.<\/span>new(self.<\/span>key, AES.<\/span>MODE_ECB) <\/span><\/span> <\/span><\/span> # 3. 解密数据<\/span> <\/span><\/span> decrypted_bytes =<\/span> cipher.<\/span>decrypt(cipher_bytes) <\/span><\/span> <\/span><\/span> # 4. 去除填充<\/span> <\/span><\/span> plaintext_bytes =<\/span> unpad(decrypted_bytes, AES.<\/span>block_size) <\/span><\/span> <\/span><\/span> # 5. 解码JSON<\/span> <\/span><\/span> return<\/span> json.<\/span>loads(plaintext_bytes.<\/span>decode('utf-8'<\/span>)) <\/span><\/span><\/code><\/pre>2. Burp扩展集成要点<\/h3> Burp API集成<\/strong>：<\/p> 通过IBurpExtender<\/code>接口实现扩展<\/li> 使用IExtensionHelpers<\/code>处理HTTP消息<\/li> 注册IHttpListener<\/code>监听HTTP流量<\/li> <\/ul> <\/li> 自动化处理流程<\/strong>：<\/p> 拦截请求时自动加密敏感参数<\/li> 拦截响应时自动解密返回数据<\/li> 支持修改后重新加密发送<\/li> <\/ul> <\/li> 密钥管理策略<\/strong>：<\/p> 硬编码密钥（测试环境）<\/li> 配置文件读取<\/li> 环境变量获取<\/li> 动态密钥协商（如从登录响应中提取）<\/li> <\/ul> <\/li> <\/ol> 四、实战应用场景<\/h2> 1. 渗透测试中的典型用例<\/h3> 加密参数篡改测试<\/strong>：<\/p> 解密请求参数<\/li> 修改关键值（如userID、price等）<\/li> 重新加密发送<\/li> 观察服务端响应<\/li> <\/ul> <\/li> 敏感信息泄露检测<\/strong>：<\/p> 自动解密响应<\/li> 检查是否包含敏感数据（密码、token等）<\/li> 可结合正则表达式进行模式匹配<\/li> <\/ul> <\/li> 加密算法强度验证<\/strong>：<\/p> 检测是否使用弱加密模式（如ECB）<\/li> 验证密钥长度是否足够（至少128位）<\/li> 检查是否使用固定IV（CBC模式）<\/li> <\/ul> <\/li> <\/ol> 2. 性能优化建议<\/h3> 缓存机制<\/strong>：<\/p> 缓存常用密钥<\/li> 缓存解密结果（相同密文）<\/li> <\/ul> <\/li> 并行处理<\/strong>：<\/p> 多线程处理批量解密任务<\/li> 异步I\/O操作<\/li> <\/ul> <\/li> 选择性解密<\/strong>：<\/p> 只解密特定路径的请求<\/li> 基于内容类型过滤<\/li> <\/ul> <\/li> <\/ol> 五、安全注意事项<\/h2> 密钥保护<\/strong>：<\/p> 不要在代码中硬编码生产环境密钥<\/li> 使用密钥管理系统<\/li> 实施最小权限原则<\/li> <\/ul> <\/li> 错误处理<\/strong>：<\/p> 妥善处理解密失败情况<\/li> 不要暴露详细错误信息<\/li> <\/ul> <\/li> 日志记录<\/strong>：<\/p> 记录解密操作<\/li> 审计密钥使用情况<\/li> <\/ul> <\/li> <\/ol> 六、扩展功能<\/h2> 多算法支持<\/strong>：<\/p> 添加AES-CBC、AES-GCM等模式<\/li> 支持RSA等其他加密算法<\/li> <\/ul> <\/li> 智能识别<\/strong>：<\/p> 自动检测加密数据<\/li> 猜测加密算法和模式<\/li> <\/ul> <\/li> 可视化界面<\/strong>：<\/p> 在Burp中显示明文\/密文对比<\/li> 提供便捷的加解密操作按钮<\/li> <\/ul> <\/li> <\/ol> 通过这套完整的AES加解密实战框架，安全测试人员可以高效地处理加密通信场景，显著提升渗透测试的效率和质量。<\/p>