MITM Decryption

Galaxy (MITM Decryption) automatically decrypts encrypted HTTP traffic in real-time, allowing security testing of applications with encrypted communications as if they were plaintext. By writing custom hooks in Java, Python (Jython or GraalPy), or JavaScript, users can reverse-engineer and apply encryption/decryption logic to intercept and modify traffic across all of Burp.

Features

• Automatic encryption and decryption of HTTP requests and responses using custom hooks
• Support for custom hooks in multiple languages: Java, Python (Jython and GraalPy), and JavaScript
• Integration with security scanners, including sqlmap and xray, for testing encrypted endpoints
• Built-in examples for common encryption algorithms (AES, DES, RSA, SM2, SM4) and complex scenarios like dynamic keys
• Works seamlessly across different Burp tools: Proxy, Repeater, Intruder, and Scanner
• Additional utilities: authentication bypass payload generator, Swagger API documentation parser, and JSON/query string converters

Usage

Note: For detailed usage instructions, please refer to the extension wiki pages.

1. Navigate to the Galaxy tab in Burp Suite
2. Write a custom hook implementing the four methods: hookRequestToBurp, hookRequestToServer, hookResponseToBurp, and hookResponseToClient
3. In your hook methods, implement the encryption/decryption logic that matches the target application's scheme
4. Load and start the hook to enable automatic traffic processing
5. Use Burp as normal → encrypted traffic will automatically be decrypted for viewing and editing, then re-encrypted when sent
6. Right-click decrypted requests to send them to sqlmap or xray for automated vulnerability scanning