PyCript
<p align="center"> <img src="https://i.ibb.co/KqGXSq0/Py-Cript-Banner.png" /> </p>

PyCript is a Burp Suite extension that enables users to encrypt and decrypt requests and responses for manual and automated application penetration testing. It also lets users write custom encryption and decryption logic in any language, such as Python, Go, Node.js, C, or Bash, so the encryption/decryption process can be tailored to specific needs.
Support
<a href="https://www.buymeacoffee.com/AnoF"><img src="https://img.buymeacoffee.com/button-api/?text=Buy me a coffee&emoji=&slug=AnoF&button_colour=FF5F5F&font_colour=ffffff&font_family=Arial&outline_colour=000000&coffee_colour=FFDD00" /></a>
<a href="https://github.com/sponsors/Anof-cyber"><img src="https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&color=%23fe8e86" alt="Sponsor Anof-cyber" width="230" height="50"></a>
Documentation
<a href="https://pycript.souravkalal.tech/#/"><img src="https://i.ibb.co/NLTJ6MR/70686099-3855f780-1c79-11ea-8141-899e39459da2.png" alt="70686099-3855f780-1c79-11ea-8141-899e39459da2" border="0"></a>
Reference
- YouTube - PyCript Demo
- Bypassing Asymmetric Client Side Encryption Without Private Key
- Manipulating Encrypted Traffic using PyCript
Requirements
- Burp Suite with Jython
Features
- Encrypt and decrypt selected strings from the request and response
- View and modify the encrypted request in plain text
- Decrypt multiple requests
- Perform Burp Scanner, sqlmap, Intruder brute force, or any automation in plain text
- Auto-encrypt the request on the fly
- Complete freedom for encryption and decryption logic
- Ability to handle encryption and decryption even with Key and IV in Request Header or Body
Roadmap
- Response Encryption & Decryption
- Support for GET Parameters
- Allowing Edit Headers for Request Type `Custom Request`
- Supporting multiple languages for encryption and decryption
Demo Code
- Repository for encryption and decryption code: PyCript Template Code Repository