Cyber security

Awesome TLS – Evading WAFs With Advanced Burp Suite Extension

This extension hijacks Burp’s HTTP and TLS stack, allowing you to spoof any browser TLS fingerprint (JA3).

It boosts the power of Burp Suite while reducing the likelihood of fingerprinting by various WAFs like CloudFlare, PerimeterX, Akamai, DataDome, etc.

It does this without resorting to hacks, reflection or forked Burp Suite Community code.

All code in this repository only leverages Burp’s official Extender API.

Sponsors

Scrapfly is an enterprise-grade solution providing Web Scraping API that aims to simplify the scraping process by managing everything: real browser rendering, rotating proxies, and fingerprints (TLS, HTTP, browser) to bypass all major anti-bots. Scrapfly also unlocks observability by providing an analytical dashboard and measuring the success rate/block rate in detail.

Scrapfly is a good solution if you are looking for a robust solution to access the website behind WAF for web scraping use cases – We also provide a set of tools to verify your TLS fingerprint and HTTP/2 Fingerprint.

Maintenance of this project is made possible by all the lovely contributors and sponsors. If you’d like to sponsor this project and have your avatar or company logo appear in this section, click here.

How It Works

Unfortunately Burp’s Extender API is very limited for more advanced use cases like this, so I had to play around with it to make this work.

Once a request comes in, the extension intercepts it and forwards it to a local HTTPS server that started in the background (once the extension loaded).

This server works like a proxy; it forwards the request to the destination, while persisting the original header order and applying a customizable TLS configuration.

Then, the local server forwards the response back to Burp. The response header order is also preserved.

Configuration settings and other necessary information like the destination server address and protocol are sent to the local server per request by a magic header.

This magic header is stripped from the request before it’s forwarded to the destination server, of course.

For more information click here.

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

4 hours ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

4 hours ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

4 hours ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

1 day ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

1 day ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

1 day ago