Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Support Center
  2. BApp Store
  3. PyCript

Professional Community

PyCript

Download BApp

Pycript enables users to encrypt and decrypt requests, responses, and WebSocket messages for manual and automated application penetration testing. It allows users to create custom encryption and decryption logic using any language like Python, Go, Node.js, C, Bash etc, allowing for a tailored encryption/decryption process for specific needs.

Features

  • View and Modify encrypted requests in plain text
  • Read and Update request headers (modify signatures, tokens, etc.)
  • WebSocket message encryption & decryption support
  • Decrypt Multiple Requests
  • Perform Burp Scanner, Sql Map, Intruder Bruteforce or any Automation in Plain Text
  • Auto Encrypt the request on the fly
  • Complete freedom for encryption and decryption logic
  • Ability to handle encryption and decryption even with Key and IV in Request Header or Body
  • Support for both text-based and binary encryption

Requirements

Custom encryption/decryption scripts (Node.js / Python / Java / Any scripting language)

PyCript Help

Author

 Author

Sourav Kalal/AnoF

Version

 Version

2.0

Rating

 Rating

Popularity

 Popularity

Last updated

 Last updated

20 January 2026

Estimated system impact

 Estimated system impact

Overall impact: Low

Memory
Low
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.