mitmproxy plugin for decrypting Quizdom's server answers
# For more information, see the related blog post: https://projectzero.gr/en/2015/09/the-keys-to-the-quizdom/
# Sensitive data (keys, IV, etc.) has been removed for obvious reasons
import json | |
from libmproxy.protocol.http import decoded | |
from aesdecr import AESCipher | |
from Crypto.Cipher import AES | |
from Crypto import Random | |
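# AES block size in bytes; PKCS#7-style padding below is computed against it.
BS = 16


def pad(s):
    """Append PKCS#7-style padding so that len(result) is a multiple of BS.

    N padding characters of value N are added, where N = BS - len(s) % BS.
    Input that is already block-aligned therefore gains one full block of
    padding, which keeps unpad() unambiguous.
    """
    fill = BS - len(s) % BS
    return s + fill * chr(fill)


def unpad(s):
    """Strip PKCS#7-style padding from s and return the payload.

    Raises ValueError when s is empty or its trailing bytes are not valid
    padding. Without this check a wrong key or IV, or a truncated body,
    yields a silently mangled slice (a final byte of 0 even returns the
    empty string) instead of a clear error.
    """
    if not s:
        raise ValueError("cannot unpad empty input")
    last = s[-1:]
    fill = ord(last)
    # A valid trailer is 1..BS copies of the same byte and cannot be longer
    # than the data itself.
    if fill < 1 or fill > BS or fill > len(s) or s[-fill:] != last * fill:
        raise ValueError("invalid padding")
    return s[:-fill]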
# NOTE(review): this local definition shadows the AESCipher name imported
# from aesdecr at the top of the file.
class AESCipher:
    """AES-CBC helper that takes and returns hex-encoded strings.

    Written against the Python 2 str API (str.decode('hex') and
    str.encode('hex')).

    encrypt() and decrypt() are not symmetric: encrypt() prepends a fresh
    random IV to its output, while decrypt() always uses the fixed IV
    literal and does not strip a leading IV block. Output of encrypt()
    therefore does not round-trip through decrypt().
    """

    def __init__(self, key):
        """Keep the AES key for later calls.

        key -- the key as a hex-encoded string; it is hex-decoded here.
        """
        self.key = key.decode('hex')

    def encrypt(self, raw):
        """Pad raw, encrypt it with AES-CBC and return hex(IV + ciphertext).

        A new random IV of AES.block_size bytes is drawn for every call
        and placed in front of the ciphertext.
        """
        padded = pad(raw)
        fresh_iv = Random.new().read(AES.block_size)
        engine = AES.new(self.key, AES.MODE_CBC, fresh_iv)
        blob = fresh_iv + engine.encrypt(padded)
        return blob.encode("hex")

    def decrypt(self, enc):
        """Hex-decode enc, decrypt it with AES-CBC and strip the padding.

        enc -- hex-encoded ciphertext.
        """
        ciphertext = enc.decode("hex")
        # Fixed IV literal. The file header says the real key/IV values
        # were removed, so this is a stand-in. With CBC, one IV reused
        # under one key makes equal leading plaintext blocks encrypt to
        # equal leading ciphertext blocks.
        static_iv = "abcdfghijklmnopq"
        engine = AES.new(self.key, AES.MODE_CBC, static_iv)
        plaintext = engine.decrypt(ciphertext)
        return unpad(plaintext)
def response(context, flow):
    """mitmproxy response hook: decrypt one host's answers and log them.

    Every response body is decoded and stripped. Only bodies from the
    configured host are decrypted with AESCipher and parsed as JSON. When
    the JSON has a "questions" key, the correctAnswer of q1..q4 is
    appended to the file 'output' in the working directory; otherwise
    ValueError is raised.

    The key and host below are stand-ins; the file header says the real
    values were removed.
    """
    # NOTE(review): indentation was lost in this listing; the trailing
    # else is read as belonging to the "questions" check -- confirm.
    aes_key = "12345678901234567890123456789012"
    decryptor = AESCipher(aes_key)
    with decoded(flow.response):  # automatically decode gzipped responses.
        body = flow.response.content.strip()
        if flow.request.host != "yourhost.com":
            return
        payload = json.loads(decryptor.decrypt(body))
        # The file is opened (and created if missing) before the payload
        # is checked, so it exists even when the check below raises.
        with open('output', 'a') as out:
            if "questions" not in payload:
                raise ValueError("Not a question")
            questions = payload['questions']
            answers = tuple(
                questions[slot]['correctAnswer']
                for slot in ('q1', 'q2', 'q3', 'q4')
            )
            ans = "Q1 Ans: %s Q2 Ans: %s \nQ3 Ans: %s Q4 Ans: %s\n" % answers
            # The separator has no trailing newline, so it shares a line
            # with the first two answers.
            out.write("------------------------------------")
            out.write(ans)