Burp Suite User Forum

Login to post

Randomize IP Header on Turbo Intruder using Engine.THREADED

Valdrin | Last updated: Sep 22, 2022 07:46PM UTC

I am trying to randomize X-Forwarded-For header using Turbo Intruder. I am able to randomize the header using engine=Engine.BURP but it gives me an average of 15 RPS. But, when I use engine=Engine.THREADED, I go to more than 500 RPS. So, Do you have any solution on how do I generate some random values for X-Forwarded-For Header while using the THREADED engine? Here is my code. def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, concurrentConnections=15, requestsPerConnection=50, pipeline=True, engine=Engine.THREADED ) for word in open('c:/numbers-all.txt'): engine.queue(target.req, word.rstrip()) def handleResponse(req, interesting): # currently available attributes are req.status, req.wordcount, req.length and req.response if req.status != 404: table.add(req)

Hannah, PortSwigger Agent | Last updated: Sep 26, 2022 12:17PM UTC

Hi To clarify, your current method works fine when using the BURP engine. However, when changing the engine to THREADED, you encounter an issue. Are you receiving any error messages?

Valdrin | Last updated: Sep 26, 2022 11:38PM UTC

No error messages.

Hannah, PortSwigger Agent | Last updated: Sep 27, 2022 03:07PM UTC

Does your numbers-all.txt file just contain a large list of numbers? If so, you may be better off doing this programmatically, as you may end up repeating previous values. The debug.py example script uses the threaded engine - if you run this, does the test succeed?

You need to Log in to post a reply. Or register here, for free.