If the file is unlocked in HTTP Custom but you can’t export JSON due to app restrictions, you can:
Simpler alternative: Use a MITM proxy like Burp Suite to intercept the config’s network transmission when imported from a URL (only possible if the file loads from an online source).
Step 1: Open the .hc file in a text editor.
Step 2: Look for patterns:
Step 3: Use CyberChef:
Example:
Encrypted: eyJob3N0Ijoic2gxLmNvbSJ9
Decoded via Base64: "host":"sg1.com"
The first step is to identify the encryption algorithm used to encrypt the custom HTTP file. This information can usually be found in the file's documentation or by analyzing the file's headers. how to decrypt http custom file
"type": "SSH",
"server": "sg1.example.com",
"port": 443,
"payload": "CONNECT [host_port] HTTP/1.1[crlf]Host: google.com[crlf][crlf]",
"sni": "cloudfront.net",
"proxy": "127.0.0.1:8080"
Paper configuration files (.yml) are plain text files. They are not encrypted. However, they can appear "encrypted" or unreadable for two common reasons:
Paid configs sometimes use AES-128-CBC. You’ll notice the file starts with a fixed header like Salted__ (for OpenSSL) or AES:.
What you need:
Decryption example (Python with pycryptodome):
from Crypto.Cipher import AES import base64encrypted_b64 = open("premium.hc").read() ciphertext = base64.b64decode(encrypted_b64) key = b"mysecretkey12345" # 16, 24, or 32 bytes iv = ciphertext[:16] actual_ct = ciphertext[16:]
cipher = AES.new(key, AES.MODE_CBC, iv) decrypted = cipher.decrypt(actual_ct) print(decrypted.decode(errors="ignore"))If the file is unlocked in HTTP Custom
Finding the AES key: