Crypto Attacker Burp Plugin

I recently wrote a burp plugin for common crypto attacks in web apps. Check out the code on github (I also submitted to BApp store a couple days ago). I hope to add more modules as time goes on, but to start with, here is what it has:

• Active Scanning to detect padding Oracle attacks
• Active Scanning capabilities to detect input being encrypted with ECB and reflected back (can be slow)
• Attack tab to encrypt/decrypt padding oracles
• Attack tab to decrypt ECB where you control part of the request

Here are some slides about it, and giving some background on the attacks it’s doing:

And some screenshots of it in action:

I hope this is useful to some of you!