Burp Suite User Forum


How to prevent Mod_security being activated when using the burp suite?

Ramazan | Last updated: Aug 28, 2018 01:26PM UTC

Hello, I have 3 questions.

1) How to prevent Mod_security being activated when using the Burp Suite? Websites are blocking my IP address... To solve this problem I want to automatically change my IP address every X seconds. So this is my second question:

2) I want to use an IP changer tool which will listen to the same address (127.0.0.1) and port (8080) as the Burp Suite, but I read that it's impossible to make 2 apps listen to the same port. So what can I do? Actually what I need is to use an IP changer tool (it changes my IP every 10 seconds), but I can't make Burp Suite and that IP changer tool listen to the same tool. So any suggestions? Maybe you can recommend me some other ways to change my IP address every X seconds and also use Burp Suite.

3) When I'm doing a scan it takes too many hours... What are the best options for scan settings? How many retries should I do? And so on.

PortSwigger Agent | Last updated: Aug 29, 2018 10:42AM UTC

To answer each question:

1) In general you can't use Scanner with mod_security or other web application firewalls, which is why we normally recommend asking the admin to whitelist your IP address. You can throttle the request rate or use an extension like Random IP Address Header to avoid being blocked by some WAFs.

2) I think you want to create a chain, i.e. Browser -> Burp -> IP changer -> Website. Configure Burp on 8081 and IP changer on 8081, then within Burp configure an Upstream Proxy with localhost:8081

3) One option is just to wait. Alternatively, restrict the number of requests being scanned, only turn on some scan checks, and have a look at the other options in Scanner > Options. Also, Burp 2 has a number of optimizations.
