/pycript

Burp Suite extension for bypassing client-side encryption using custom logic for manual and automation testing.

Primary LanguagePythonMIT LicenseMIT

PyCript

Pycript is a Burp Suite extension that enables users to encrypt and decrypt requests and responses for manual and automated application penetration testing. It also allows users to create custom encryption and decryption logic using any language like Python, Go, Nodeja, C, Bash etc allowing for a tailored encryption/decryption process for specific needs.

Deploy GitHub GitHub closed issues GitHub Release Date GitHub release (latest by date including pre-releases) GitHub last commit

Support

Sponsor Anof-cyber

Documentation

70686099-3855f780-1c79-11ea-8141-899e39459da2

Reference

Requirements

  • Burp Suite with Jython

Features

  • Encrypt & Decrypt the Selected Strings from Request Response
  • View and Modify the encrypted request in plain text
  • Decrypt Multiple Requests
  • Perform Burp Scanner, SQL Map, Intruder Bruteforce or any Automation in Plain Text
  • Auto Encrpyt the request on the fly
  • Complete freedom for encryption and decryption logic
  • Ability to handle encryption and decryption even with Key and IV in Request Header or Body

Roadmap

  • Response Encryption & Decryption
  • Support for GET Paramters
  • Allowing Edit Headers for Request Type Custom Request
  • Supporting multiple languages for encryption and decryption

Demo Code

Screenshots

PyCript

PyCript

PyCript