RhinoSecurityLabs / IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Is IP-Rotation Bypass Obsolete? #36

Closed ericnyamubbp closed 3 years ago

ericnyamubbp commented 3 years ago

Hi,

Thanks a lot for this wonderful tool. But there's a slight problem. Nowadays IP rotation bypasses are being rejected as a valid security issue because some argue that changing IPs will slow down the attack. In your tests of this means of bypass, do you find that to be true?

Regards

DaveYesland commented 3 years ago

I would say yes, this method will typically slow down an attack, as proxying everything through API Gateway will make things slower. But I have been able to prove impact using this method even though it may not be as fast as something like Turbo Intruder. It is completely dependent on what you are attacking and how they have implemented IP blocking and other protections.

ericnyamubbp commented 3 years ago

Hi,

Have you been able to use Turbo Intruder with this bypass method? Did you see a marked increase in the request rate? That would be very interesting.

Regards