Skip to content
/ PyCript-WebSocket Public

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket

License

GPL-3.0 license
61 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Anof-cyber/PyCript-WebSocket

BranchesTags

Repository files navigation

PyCript WebSocket

PyCript WebSocket is a Burp Suite extension that enables users to encrypt and decrypt WebSocket messages. Built with the same logic as the original PyCript, this extension provides a separate solution specifically for WebSockets. It allows users to implement custom encryption and decryption logic using languages like Python, Go, Node.js, C, Bash, etc., ensuring flexibility for unique testing needs.

Note

This is another version of Original PyCript Extension for WebSocket Messages

Java CI with Gradle GitHub GitHub closed issues GitHub Release Date GitHub release (latest by date including pre-releases) GitHub last commit

Support

Sponsor Anof-cyber

Reference

Features

  • Encrypt & Decrypt Web Socket Messages for both To Server and To Client
  • View and Modify the encrypted Messages in plain text
  • Complete freedom for encryption and decryption logic

Image

PyCript

Demo Code

  • Demo Code for Encryption Decryption in PyCript WebSocket

Note

PyCript WebSocket has a separate logic for handling encryption and decryption, making it incompatible with the demo code from the original PyCript. While both extensions share the same core concept, they differ in implementation. Do not use PyCript-Template for PyCript WebSocket.

Below Example is in JavaScript, You can use any language including Bash, C, Python, Java, Go etc.

Decryption Code
// String Decryption with AES 128 UTF8
const fs = require('fs');
const path = require('path');
var CryptoJS = require("crypto-js");
const { program } = require('commander');
const { Buffer } = require('buffer');

program
  .option('-d, --data <file_path>', 'Path to JSON file containing base64 encoded + encrypted data');
  
program.parse(process.argv);
const options = program.opts();
 
const filePath = options.data;
const absoluteFilePath = path.resolve(filePath);
var data = fs.readFileSync(absoluteFilePath, 'utf8')
// call the functions to handle decryption, 
const originalText = decryptMessage(data);

// write decrypt data to same temp file.
fs.writeFileSync(absoluteFilePath,originalText)

function decryptMessage(encryptedMessage) {
    // your decryption logic
      return decrypted_data;
  }
Encryption Code
// String Decryption with AES 128 UTF8
const fs = require('fs');
const path = require('path');
var CryptoJS = require("crypto-js");
const { program } = require('commander');
const { Buffer } = require('buffer');

program
  .option('-d, --data <file_path>', 'Path to JSON file containing base64 encoded + encrypted data');
  
program.parse(process.argv);
const options = program.opts();
 
const filePath = options.data;
const absoluteFilePath = path.resolve(filePath);
var data = fs.readFileSync(absoluteFilePath, 'utf8')
// call the functions to handle encryption, 
const originalText = encryptMessage(data);

// write encrypted data to same temp file.
fs.writeFileSync(absoluteFilePath,originalText)

function encryptMessage(message) {
    // your encryption logic
    return encrypted_message;
  }

About

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket

Topics

websocket penetration-testing infosec pentesting bugbounty burpsuite burp-extensions

Resources

Readme

License

GPL-3.0 license
Activity

Stars

61 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases 1

v0.1 Latest
Feb 14, 2025

Packages

No packages published

Languages