hzhsec

hzhsec / AICryptoProxy

Public

AICryptoProxy 是一个基于 Claude Code(https://claude.ai/code) + MCP(https://docs.claude.ai) 的智能渗透测试框架,专为解决前端加密 Web 应用的流量加解密问题而设计。

12
1
89% credibility
Found May 09, 2026 at 12 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

AICryptoProxy is an AI-assisted framework that automates analyzing JavaScript encryption in web apps to generate traffic proxies for plain-text inspection and modification during security testing.

How It Works

1
🔍 Spot a locked website

You find a website that hides its private messages behind secret codes, making it tough to peek inside for testing.

2
📦 Grab the smart helper

Download this AI-powered toolkit designed to unlock those hidden messages automatically.

3
⚙️ Get things ready

Put a few basic programs in place so the AI can think and handle web traffic smoothly.

4
🤖 Tell the AI your target

Whisper the website address to the AI, and watch it swiftly figure out the hiding tricks in seconds.

5
🛠️ Receive unlock tools

The AI hands you custom pieces to decode incoming messages and re-hide outgoing ones perfectly.

6
🔗 Link your browser and tester

Point your web browser through the unlock path and connect it to your message inspector app.

7
🌐 Surf and spy freely

Visit the site, and now all secret messages appear in plain sight for easy reading and tweaking.

Test complete

You effortlessly modify and replay messages to uncover weaknesses, saving hours of hard work.

Sign up to see the full architecture

6 more

Sign Up Free

Star Growth

See how this repo grew from 12 to 12 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is AICryptoProxy?

AICryptoProxy is a Python framework built on Claude Code (https://claude.ai/code) and MCP (https://docs.claude.ai) that automates proxying for web apps with frontend encryption. Feed it a target URL via Claude's skills, and it reverse-engineers JS crypto logic to generate mitmproxy scripts for decrypting inbound traffic and re-encrypting outbound, chaining seamlessly to Burp Suite for plaintext inspection. Pentestors get clear traffic in seconds, no manual reversing needed.

Why is it gaining traction?

It crushes the grind of hunting encryption functions, extracting keys, and scripting mitmproxy by itself—AI handles obfuscated JS, dynamic keys, and complex algos like AES or RSA via two modes: direct crypto proxies or a zero-reverse JSRPC bridge. Users rave about one-line Claude prompts yielding tested startup commands and analysis reports. For web security pros, it's a time-saver over grep-and-debug workflows.

Who should use this?

Penetration testers intercepting encrypted API calls in Burp. Security auditors probing frontend-heavy apps like SPAs with JS crypto. Bug bounty hunters and CTF solvers facing time-boxed web crypto challenges.

Verdict

Worth testing for niche web pentesting—solid README with demos and commands, but 12 stars and 0.9% credibility score signal early-stage maturity; no tests or broad validation yet. Grab it if manual JS reversing burns you out, but validate proxies before real ops.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.