search

RhinoSecurityLabs / IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
814 stars 144 forks source link

Cannot enable the enable button #27

Closed anandasaia closed 4 years ago

anandasaia commented 4 years ago

Hey, when I try to click on the enable button, it just hangs for a while and remain disabled. The following error is shown: Traceback (most recent call last): File "/root/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/IPRotate.py", line 202, in enableGateway self.startAPIGateway() File "/root/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/IPRotate.py", line 76, in startAPIGateway self.create_api_response = self.awsclient.create_rest_api( File "/root/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/BappModules/botocore/client.py", line 357, in _api_call return self._make_api_call(operation_name, kwargs) File "/root/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/BappModules/botocore/client.py", line 661, in _make_api_call raise error_class(parsed_response, operation_name) botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the CreateRestApi operation: The security token included in the request is invalid.

DaveYesland commented 4 years ago

This sounds like you have the wrong python/boto3 version. Try making sure you module loading folder in Burp point to your python3 folder.

anandasaia commented 4 years ago

Okay, I fixed that by pointing the modules folder to usr/lib/python2.7 But now the following error appears:

Traceback (most recent call last):
  File "/home/user/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/IPRotate.py", line 202, in enableGateway
    self.startAPIGateway()
  File "/home/user/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/IPRotate.py", line 76, in startAPIGateway
    self.create_api_response = self.awsclient.create_rest_api(
  File "/home/user/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/BappModules/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/user/.BurpSuite/bapps/2eb2b1cb1cf34cc79cda36f0f9019874/BappModules/botocore/client.py", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (IncompleteSignatureException) when calling the CreateRestApi operation: '/20200821/eu-west-3/apigateway/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=XXXXXXXXX(myaccesskey) /20200821/eu-west-3/apigateway/aws4_request, SignedHeaders=accept;host;x-amz-date, Signature=signaturevalue'.

I thought it might be an issue with eu-west-3 and unchecked it in the regions checklist. But it just popped the same error only with another region's name and it kept happening with all regions.

DaveYesland commented 4 years ago

Double check your keys, make sure there are no leading or trailing spaces and they are valid: Check out: https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension/issues/25