Can anybody help me figure out this homebrew encryption technique?
Observing the network communication, I see an encrypted content field.
Only the content field of the HTTP request is encrypted, not the headers.
- It is a stream cipher, varying length with no common/obvious multiple (e.g., 292, 1204, 7055, 9119).
- Raw content is of the media type x-www-form-urlencoded, if the header is to be trusted.
Therefore, the content may be of the form var=something&var2=somethingelse
- Absolutely not random, I see repeated patterns not only among several requests, but also some within the same request. All requests start off with the same series of characters, with just one or two changing.
- Percentage of ASCII data/Total data in the encrypted content is around 57-62%
- Running the data through ent, I get results suggesting low entropy.
I assume no widely-used, well-established encryption algorithm does all of the above.
Sample encrypted content in ASCII (dots represent out-of-range):