Skip to content

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty

License

Notifications You must be signed in to change notification settings

Anof-cyber/PyCript

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PyCript

Pycript is a Burp Suite extension that enables users to encrypt and decrypt requests and responses for manual and automated application penetration testing. It also allows users to create custom encryption and decryption logic using any language like Python, Go, Nodeja, C, Bash etc allowing for a tailored encryption/decryption process for specific needs.

Deploy GitHub GitHub closed issues GitHub Release Date GitHub release (latest by date including pre-releases) GitHub last commit

Support

Sponsor Anof-cyber

Documentation

70686099-3855f780-1c79-11ea-8141-899e39459da2

Reference

Requirements

  • Burp Suite with Jython

Features

  • Encrypt & Decrypt the Selected Strings from Request Response
  • View and Modify the encrypted request in plain text
  • Decrypt Multiple Requests
  • Perform Burp Scanner, SQL Map, Intruder Bruteforce or any Automation in Plain Text
  • Auto Encrpyt the request on the fly
  • Complete freedom for encryption and decryption logic
  • Ability to handle encryption and decryption even with Key and IV in Request Header or Body

Roadmap

  • Response Encryption & Decryption
  • Support for GET Paramters
  • Allowing Edit Headers for Request Type Custom Request
  • Supporting multiple languages for encryption and decryption

Demo Code

Screenshots

PyCript

PyCript

PyCript