This Burp Suite extension facilitates a Man-in-the-Middle (MITM) attack on RSA-encrypted communications. It enables security analysts and penetration testers to intercept, decrypt, and encrypt RSA traffic within Burp Suite’s Repeater tool. The extension supports loading custom MITM RSA keys (public and private) and the original public key, allowing seamless decryption and re-encryption of intercepted data. This tools was inspired by https://github.com/morkin1792/Re-Encrypt
- Load MITM RSA public and private keys
- Load the original public key for re-encryption
- Decrypt intercepted RSA-encrypted data
- Encrypt plaintext data before sending requests
- Integrates with Burp Suite's Repeater for easy analysis and modification
- Download the extension or clone the repository:
git clone https://github.com/incogbyte/RSA-MITM-Extension.git cd RSA-MITM-Extension
- Open Burp Suite and navigate to Extender > Extensions.
- Click Add, select the Python extension type.
- Load the
rsa_mitm_extension.py
file. - The extension should now appear under Extensions and add a tab in Repeater.
- Open Burp Suite and go to the Repeater tab.
- Navigate to the RSA MITM tab.
- Click:
- FakePub Key to load a MITM public key. ( PEM format )
- FakePriv Key to load a MITM private key. ( PEM format )
- Original Key to load the original public key. ( PEM format )
- Select an RSA-encrypted body.
- Click Decrypt Body.
- The decrypted content will be displayed in the editor.
- Modify a request body in the RSA MITM tab.
- Click Encrypt Body.
- The encrypted data is generated, copy and paste at the original request.
- Burp Suite (Community or Professional)
- Jython installed in Burp Suite (2.7 stand alone)
- Ensure that you have valid RSA keys for proper encryption and decryption.
- This tool is for educational and security research purposes only.
- Do not use this extension for illegal activities.
This project is licensed under the MIT License.
This tool is intended for security research and ethical hacking only. The developers do not take responsibility for any misuse or illegal activities related to this extension.
Contributions are welcome! Feel free to submit pull requests or open issues with feature requests and bug reports.
For any questions or suggestions, reach out via GitHub issues or email [email protected].



