web-crypto-proxy

Community

Auto-analyze web crypto, enable plaintext BurpSuite testing.

AuthorArg3Sea
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Manual reverse engineering of frontend web encryption logic is extremely time-consuming and blocks penetration testers from using plaintext payloads in tools like Burp Suite for common security testing tasks such as brute-forcing login credentials or testing for SQL injection vulnerabilities.

Core Features & Use Cases

  • Automated Encryption Analysis: Automatically fetches target website JS files, identifies encryption algorithms (RSA, AES, SM2/SM4) and extracts corresponding keys without manual intervention.
  • Bidirectional Transparent Proxy: Generates ready-to-run mitmproxy scripts that automatically encrypt outgoing request fields and decrypt incoming response data, so testers can work with plaintext payloads directly in Burp Suite.
  • Use Case: Authorized security testers can use this skill to test encrypted login APIs by inputting plaintext username and password payloads in Burp Suite Intruder, with the proxy handling all encryption automatically.

Quick Start

Use the web-crypto-proxy skill by providing the URL of the target website you have explicit authorization to test, and it will automatically generate a working mitmproxy script for transparent encryption and decryption.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: web-crypto-proxy
Download link: https://github.com/Arg3Sea/web-crypto-proxy/archive/main.zip#web-crypto-proxy

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.