Skip to content

Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.

License

Notifications You must be signed in to change notification settings

e1abrador/Burp-Encode-IP

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 

Repository files navigation

About

This extension will encode an IP address into a bunch of less known encoding techniques.

This technique is focused on testing vulnerabilities such as SSRF [Server-Side Request Forgery], Open Redirect or RFI [Remote File Inclusion].

TL;DR

Easy Install

If you have Burp Pro it is possible to install directly on BApp:

image

Don't forget to rate the extension with ⭐⭐⭐⭐⭐ stars ;)

Installation

Go to the Extensions -> Installed -> Add -> burp-encode-ip.py

In order to use Unicode characters please follow the steps in the video:

change_burp_font.webm

Using

Demo.webm

Encodes

Unicode Encoding (Url Encoded) -> Will convert an IP address First to Unicode format and then to URL Encode.

Unicode Encoding (Copy to Clipboard) -> Wil convert the IP address to its Unicode version. Could you paste it on the same action? I did not find any way on Burp Suite to paste Unicode from the script, therefore I added a popup window that will let the user copy the characters on the clipboard and then paste it directly to Burp Suite.

IPv4 on IPv6 Unicode Encoding (URL Encoded) -> Will convert an IP address to the following format (URL Encoded): [::ⓕⓕⓕⓕ:unicoded-ip-address-here]:80. This can be useful to bypass some filters / WAF rules. Twitter PoC

IPv4 on IPv6 Unicode Encoding (Copy to Clipboard) -> As well as Unicode Encoding (Copy to Clipboard) i did not find a way to paste Unicode special characters on Burp Suite (Repeater and Proxy) so when clicking this option the user will see a popup window to copy and paste the generated payload.

Class B Encoding -> Will convert the IP address in two parts: the first two octets are preserved as is and the last two are combined into a single value.

Class A Encoding -> Will preserve the first octet as is and will combine the remaining three octets into a single value.

Hex Encoding -> Will convert the octets of the IP address to hexadecimal values.

Hex w/o dots -> Will convert the IP address to a single hexadecimal value without dots.

Hex Encoding v1 -> Will convert the first octet to hex and combine the remaining three octets into a single hexadecimal value.

Hex Encoding v2 -> Will convert the first two octets to individual hexadecimal values, and the last two octets are combined into a single hexadecimal value.

Octal Encoding -> Will convert the octets of the IP address to octal values.

Octal with 0s Encoding -> Will convert each octet into a zero-padded octal value.

Mixed Encoding -> Will treat the entire IP address as a single integer value. Each octet of the IP address is interpreted as a byte, and these bytes are combined to form a single integer.

Collaborator in IPv6 -> Will use a collaborator URL (automatically obtained from Burp API) and will convert it to an IPv6 valid domain.

DNS Rebinding -> Will generate a domain configured with the DNS Rebinding technique (thanks to https://twitter.com/taviso). In any case, there's the possibility of adding a custom domain (Note that in order for the custom domain to work, this https://github.com/taviso/rbndr must be configured first).

All -> Will generate a popup window that will contain the IP address encoded in all configured conversions currently existing on the extension.

Good luck and good hunting! If you really love the tool (or any others), or they helped you find an awesome bounty, consider BUYING ME A COFFEE! ☕ (I could use the caffeine!)

⚪ e1abrador

Buy Me a Coffee at ko-fi.com

TODO

  • Implement random number of octets encoding, in example: 0251.254.169.254 = 169.254.169.254.

Changelog

25/08/2023 -> Update integrating DNS Rebinding technique.

Advisory

This Burp Suite extension should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.

Releases

No releases published

Packages

No packages published

Languages