I'm trying to write an extension to test a mobile API endpoint that uses a homebrew message level encryption format. Basically there is a pre-shared AES key between the mobile app and the server, and the JSON POST data gets AES encrypted before the request is sent. I want to transparently decrypt and re-encrypt this data so the active scanner can inject into the encrypted payload. Is this feasible with a scanner or http listener?
↧