RhinoSecurityLabs / IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

What Could Be The Problem. A New Host is Being Added. #37

Closed ericnyamubbp closed 3 years ago

ericnyamubbp commented 3 years ago

Hi,

When using the iprotator something strange is happening. It's not on all sites though. A new host is being requested. It is called 3od2hxr135.execute-api.eu-north-1.amazonaws.com. And it is messing up the attack. Take a look at the screenshots.

Is there a way to remove this host from being added?

Thanks

DaveYesland commented 3 years ago

The host is added because when you enable the extension, requests are no longer sent to the target. Requests are sent to the API Gateway endpoint; see this for more info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/
You could try a match and replace to change the Host header, but that will probably break the way API Gateway works. I am not sure of any other fix, but let me know if you figure something out.
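
The reply above explains why a `*.execute-api.<region>.amazonaws.com` host shows up in place of the target. The following is an added example, not part of the thread or of the extension's code: it separates gateway-relayed requests from direct ones in a request log, the same check a defender can run over egress proxy logs. The `METHOD URL STATUS` log format, the sample lines and the function names are assumptions made for illustration; only the gateway hostname comes from the issue.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# API Gateway invoke hostnames have the form <api-id>.execute-api.<region>.amazonaws.com
GATEWAY_HOST = re.compile(
    r"^(?P<api_id>[a-z0-9]+)\.execute-api\.(?P<region>[a-z0-9-]+)\.amazonaws\.com$"
)

def parse_gateway_host(host):
    """Return (api_id, region) if host is an API Gateway endpoint, else None."""
    name = host.strip().lower()
    name = name.split(":", 1)[0]   # drop an optional :port
    name = name.rstrip(".")        # drop a trailing root dot
    m = GATEWAY_HOST.match(name)
    return (m.group("api_id"), m.group("region")) if m else None

def summarize(log_lines):
    """Count requests per host, split into direct and gateway-relayed."""
    direct, relayed = Counter(), Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # skip malformed lines
        host = urlsplit(parts[1]).hostname or ""
        gateway = parse_gateway_host(host)
        if gateway:
            relayed[gateway] += 1
        else:
            direct[host] += 1
    return direct, relayed

# Constructed sample log (assumed format: METHOD URL STATUS); paths are made up.
SAMPLE_LOG = [
    "GET https://target.example/login 200",
    "POST https://3od2hxr135.execute-api.eu-north-1.amazonaws.com/login 200",
    "POST https://3od2hxr135.execute-api.eu-north-1.amazonaws.com:443/login 403",
    "GET https://execute-api.example.com/ 200",  # look-alike, not a gateway host
    "garbage",
]

if __name__ == "__main__":
    direct, relayed = summarize(SAMPLE_LOG)
    for (api_id, region), count in relayed.items():
        print(f"relayed via API Gateway {api_id} in {region}: {count} request(s)")
    for host, count in direct.items():
        print(f"direct to {host}: {count} request(s)")
```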

hishammir commented 2 years ago

Hi @ericnyamubbp @DaveYesland, did you find a solution to this problem? I am having the same problem. I know the request is sent to the API Gateway endpoint and it then sends a request further to the target and brings back the response.

But I'm not getting the desired response; the response is from the AWS API endpoint instead of the target.

I'm using Burp v2022.8.2