whw1sfb is a Research Scientist and security-focused software engineer with 10 years of hands-on experience building tooling for sensitive-data discovery and cryptographic testing. They contribute to open-source projects that bridge security research and practical tooling, notably developing a heap-dump spider that extracts credentials and API keys and a Burp Suite plugin that integrates AES/RSA/DES and ExecJs crypto workflows into Intruder. Comfortable across back-end parsing, OQL-based analysis, and full-stack UI integration, they turn deep technical findings into usable features for practitioners. Based on a global, curiosity-driven outlook ("The earth"), they combine a hacker mentality with disciplined software engineering. A not-obvious strength is their ability to unify low-level data extraction with user-facing interfaces, enabling both automated discovery and immediate analyst action.
Contributions:2 releases, 28 commits, 2 PRs in 1 year
Contributions summary:Whw1sfb primarily contributed to the development of a heap dump information extraction tool. Their work involved adding new spider classes to extract sensitive information, such as database credentials and API keys, from different data sources within a heap dump. The user implemented functionalities to parse and extract sensitive information using OQL queries. The user also added and refined existing features to include support for additional data sources and updated OQL snippets.
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
Role in this project:
Full-stack Developer
Contributions:15 releases, 106 commits, 1 PR in 2 years 1 month
Contributions summary:Whw1sfb primarily worked on implementing the user interface (UI) for various cryptographic functionalities within the BurpCrypto plugin. They added a UI for AES, RSA, DES and ExecJs settings with options for selecting algorithms, key formats, and output formats. Moreover, the user integrated the UI with Intruder payload processors, allowing for the customization and application of cryptographic operations within Burp Suite's Intruder tool. Furthermore, the user added feature to get plaintext from selected text, supporting quick crypto features.
fuzz-testingctfburp-extensionsrsaburpsuite
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.