IPRotate – Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request


Extension for Burp Suite which uses AWS API Gateway to switch your IP on every request.
Additional information: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/

This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the targeted host is then routed through the API Gateway endpoints, which causes the IP to be different on each request. (There is a chance of IPs being recycled, but it is pretty low, and the more regions you use the lower the chance.)
This is useful for bypassing different kinds of IP blocking, such as bruteforce protection that blocks based on IP, API rate limiting based on IP, or WAF blocking based on IP.
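Why per-IP controls miss this traffic, and how a counter keyed on the targeted account still catches it, shown as an added example that is not part of the IPRotate project. The thresholds, the event layout and the log events are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 300    # seconds of history kept per key (assumed policy value)
MAX_FAILS = 5   # failures tolerated inside WINDOW (assumed policy value)

def make_events():
    """Constructed sample log: (timestamp, source_ip, username, success)."""
    # 12 failed logins against one account, each from a different address
    # (documentation ranges), as seen when the source IP changes per request.
    events = [(i * 10, "198.51.100.%d" % (i + 1), "alice", False)
              for i in range(12)]
    # A normal user: one typo, then a successful login, from a single IP.
    events.append((35, "203.0.113.7", "bob", False))
    events.append((40, "203.0.113.7", "bob", True))
    return sorted(events)

def flag(events, key_index):
    """Return the keys with more than MAX_FAILS failures inside WINDOW.

    key_index=1 keys the counter on source IP, key_index=2 on username.
    """
    recent = defaultdict(deque)
    flagged = set()
    for ev in events:
        ts, success = ev[0], ev[3]
        if success:
            continue
        q = recent[ev[key_index]]
        q.append(ts)
        while q and ts - q[0] > WINDOW:   # drop failures older than WINDOW
            q.popleft()
        if len(q) > MAX_FAILS:
            flagged.add(ev[key_index])
    return flagged

def distinct_ips_per_account(events):
    """Count distinct source IPs behind failed logins for each account."""
    ips = defaultdict(set)
    for _ts, ip, user, ok in events:
        if not ok:
            ips[user].add(ip)
    return {user: len(addrs) for user, addrs in ips.items()}

if __name__ == "__main__":
    ev = make_events()
    print("flagged by IP:     ", flag(ev, 1))
    print("flagged by account:", flag(ev, 2))
    print("distinct IPs:      ", distinct_ips_per_account(ev))
```

A high count of distinct source addresses failing against one account is itself a useful alerting signal alongside the per-account limit.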
credentials into the fields.

  • Insert the target domain you wish to target.
  • Select HTTPS if the domain is hosted over HTTPS.
  • Select all the regions you want to use. (The more you use, the larger the IP pool will be.)
  • Click on “Enable”.
  • Once you are done, make sure to click on “Disable” to delete all the resources that were started.
  • If you want to check on the resources and endpoints that were started, or on any potential errors, you can look at the output console in Burp.

    The Burp UI


    Example of how the requests look


    Make sure you have Jython installed and add IPRotate.py through the Burp Extension options.

    Previous Research
    After releasing this extension it was pointed out that there was other research in this area using AWS API Gateway to hide an IP address. There is some awesome research and tools by @ustayready, @ryHanson and @rmikehodges using this technique.
    Be sure to check them out too:
