Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/Anof-cyber/PyCript

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty

application-security bug-bounty bugbounty burp-extensions burp-plugin burpsuite burpsuite-extender cybersecurity encryption infosec penetration-testing pentesting python security

Last synced: 25 days ago

README

        

# PyCript



PyCript is a Burp Suite extension that enables users to encrypt and decrypt requests and responses for manual and automated application penetration testing. It also allows users to write custom encryption and decryption logic in any language, such as Python, Go, Node.js, C, or Bash, so the encryption/decryption process can be tailored to specific needs.



## Reference
- [YouTube - PyCript Demo](https://www.youtube.com/watch?v=J8KE5VR8yDk)
- [Bypassing Asymmetric Client Side Encryption Without Private Key](https://infosecwriteups.com/bypassing-asymmetric-client-side-encryption-without-private-key-822ed0d8aeb6)
- [Manipulating Encrypted Traffic using PyCript](https://infosecwriteups.com/manipulating-encrypted-traffic-using-pycript-b637612528bb)

## Requirements

- Burp Suite with Jython

## Features

- [X] Encrypt & Decrypt the Selected Strings from Request and Response
- [X] View and Modify the encrypted request in plain text
- [X] Decrypt Multiple Requests
- [X] Perform Burp Scanner, sqlmap, Intruder Bruteforce or any Automation in Plain Text
- [X] Auto Encrypt the request on the fly
- [X] Complete freedom for encryption and decryption logic
- [X] Ability to handle encryption and decryption even with Key and IV in Request Header or Body

## Roadmap

- [X] Response Encryption & Decryption
- [X] Support for GET Parameters
- [X] Allow Editing Headers for Request Type `Custom Request`
- [X] Supporting multiple languages for encryption and decryption

## Demo Code

- Repository for Encryption Decryption PyCript Template: [Code Repository](https://github.com/Anof-cyber/PyCript-Template)

## Screenshots

![PyCript](https://github.com/Anof-cyber/PyCript-Docs/blob/gh-pages/0.2/assets/Complete%20Body%20-%20Example%201.gif?raw=true)

![PyCript](https://github.com/Anof-cyber/PyCript-Docs/blob/gh-pages/0.2/assets/Complete%20Body%20-%20Example%202.gif?raw=true)

![PyCript](https://github.com/Anof-cyber/PyCript-Docs/blob/gh-pages/0.2/assets/Custom%20Request%20-%20Example%201.gif?raw=true)