PyCript: Burp Suite extension that allows for bypassing client-side encryption
PyCript
The PyCript extension for Burp Suite is a tool for penetration testers and security professionals. It makes it easy to encrypt and decrypt requests during testing, which can help evade detection and bypass security measures. The encryption and decryption logic is customizable: you write it yourself in JavaScript and Node.js, so the extension can be adapted to different needs. It supports both manual and automated testing, as well as custom encryption/decryption plugins, which makes it usable across different penetration testing scenarios.
Features
- Encrypt & Decrypt the Selected Strings from the Request and Response
- View and Modify the encrypted request in plain text
- Decrypt Multiple Requests
- Perform Burp Scanner, sqlmap, Intruder brute force, or any automation in plain text
- Auto-encrypt the request on the fly
- Complete freedom for encryption and decryption logic
- Ability to handle encryption and decryption even with Key and IV in Request Header or Body
The flow of the Extension
- Load the Encryption and Decryption JavaScript File in the extension
- Select the Request Type according to your request and encryption
- Add the URL in Burp Suite Scope
- Go to Repeater, Proxy Intercept, Proxy History, Intruder, Target
- You can see a new tab in the request message named PyCript
- If everything is set up correctly and the extension is given the correct encryption and decryption code, you will see the decrypted text
- Edit the decrypted text and send the request
- The extension will take care of the encryption of your modified value
Install & Use
Copyright (c) 2022 AnoF