#  Introduction

Scalpel is a powerful Burp Suite extension that allows you to script Burp in order to intercept, rewrite HTTP traffic on the fly, and program custom Burp editors in Python 3.

It provides an interactive way to edit encoded/encrypted data as plaintext and offers an easy-to-use Python library as an alternative to Burp’s Java API.

#  Index

• Installation
• Usage
• First steps
• FAQ
• Technical documentation for script development
• Example use-case
• How scalpel works

#  Features

• Python Library: Easy-to-use Python library, especially welcome for non-Java developers.
• Intercept and Rewrite HTTP Traffic: Scalpel provides a set of predefined function names that can be implemented to intercept and modify HTTP requests and responses.
• Custom Burp Editors: Program your own Burp editors in Python. Encoded/encrypted data can be handled as plaintext.
  • Hex Editors: Ability to create improved hex editors.

#  Use cases

• Decrypting custom encryption
• Editing encoded requests/responses

Note: One might think existing Burp extensions like Piper can handle such cases. But actually they can’t.
For example, when intercepting a response, Piper cannot get information from the initiating request, which is required in the above use cases. Scalpel generally allows you to manage complex cases that are not handled by other Burp extensions like Piper or Hackvertor.