Pycript is a Burp Suite extension that enables users to encrypt and decrypt requests for manual and automated application penetration testing. It also allows users to create custom encryption and decryption logic using JavaScript and Node.js, allowing for a tailored encryption/decryption process for specific needs.
- Node JS
- Burp Suite with Jython
- Encrypt & Decrypt the Selected Strings from Request Response
- View and Modify the encrypted request in plain text
- Decrypt Multiple Requests
- Perform Burp Scanner, Sql Map, Intruder Bruteforce or any Automation in Plain Text
- Auto Encrpyt the request on the fly
- Complete freedom for encryption and decryption logic
- Ability to handle encryption and decryption even with Key and IV in Request Header or Body
Repository for More Encryption Decryption examples Code Repository
var CryptoJS = require("crypto-js");
const program = require("commander");
const { Buffer } = require('buffer');
program
.option("-d, --data <data>", "Data to process")
.parse(process.argv);
const options = program.opts();
const plaintext = Buffer.from(options.data, 'base64').toString('utf8');
var key = "1234"
var iv = "1234"
var encryptedbytes = CryptoJS.AES.encrypt(plaintext, CryptoJS.enc.Utf8.parse(key),
{
keySize: 128 / 8,
iv: CryptoJS.enc.Utf8.parse(iv),
mode: CryptoJS.mode.CBC
});
var Encryptedtext = encryptedbytes.toString();
console.log(Encryptedtext)
var CryptoJS = require("crypto-js");
const program = require("commander");
const { Buffer } = require('buffer');
program
.option("-d, --data <data>", "Data to process")
.parse(process.argv);
const options = program.opts();
var ciphertext = Buffer.from(options.data, 'base64').toString('utf8');
var key = "1234"
var iv = "1234"
var decryptedbytes = CryptoJS.AES.decrypt(ciphertext, CryptoJS.enc.Utf8.parse(key),
{
keySize: 128 / 8,
iv: CryptoJS.enc.Utf8.parse(iv),
mode: CryptoJS.mode.CBC
});
var plaintext = decryptedbytes.toString(CryptoJS.enc.Utf8);
console.log(plaintext)
- Response Encryption & Decryption
- Support for GET Paramters
- Allowing Edit Headers for Request Type
Custom Request
- Supporting multiple languages for encryption and decryption