Burp AWS Socks5

git clone https://github.com/d3mondev/burp-vps-proxy

### Build for old java versions
.\gradlew.bat build

Config

POC

Internals - Server Socks5

#!/bin/bash
export DEBIAN_FRONTEND=noninteractive
apt-get -yq update && apt-get -yq install dante-server

cat > /etc/danted.conf << EOF
logoutput: syslog
user.privileged: root
user.unprivileged: nobody
internal: 0.0.0.0 port=1080
external: eth0
socksmethod: username
clientmethod: none
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}
EOF

EXTERNAL_INTERFACE=$(ip route get 1 | awk '{print $5; exit}')
sed -i "s/external: eth0/external: $EXTERNAL_INTERFACE/" /etc/danted.conf

useradd -r -s /bin/false burp-vps-proxy
echo 'burp-vps-proxy:CHANGEME' | chpasswd

systemctl restart danted.service

Dante Server (https://www.inet.no/dante/) with random password over debian t4g.nano instance

AWS Instance is destroyed on exit

AWS Security Group

Price /month

t4g.name x hour = 0.005 (varies by region)
max price x burp instance = 3.6 USD + EBS

Pretty cheap considering the plugin kills the EC2 instance on closing burp or manually stopping the plugin.

Considerations:

It is not an anonymity tool, it is focused to evade rate limit controls, bans, WAFs, connectivity check.

Minimal changes

git diff
diff --git a/src/vpsproxy/providers/AWSProvider.java b/src/vpsproxy/providers/AWSProvider.java
index 31bf4c5..ccf0148 100644
--- a/src/vpsproxy/providers/AWSProvider.java
+++ b/src/vpsproxy/providers/AWSProvider.java
@@ -19,7 +19,7 @@ import software.amazon.awssdk.services.ec2.model.*;
 import software.amazon.awssdk.services.ec2.model.Image;

 public class AWSProvider extends Provider {
-    final private String INSTANCE_TAG = "burp-vps-proxy";
+    final private String INSTANCE_TAG = "burp";
     final private String AWS_OS_TYPE = "debian-11";
     final private String AWS_INSTANCE_ARCH = "arm64";
     final private InstanceType AWS_INSTANCE_TYPE = InstanceType.T4_G_NANO;
@@ -59,7 +59,7 @@ public class AWSProvider extends Provider {

     private IBurpExtenderCallbacks callbacks;

-    private String awsRegion = "us-east-1";
+    private String awsRegion = "us-west-1";
     private Ec2Client ec2Client;

     public AWSProvider(IBurpExtenderCallbacks callbacks) {
@@ -99,12 +99,12 @@ public class AWSProvider extends Provider {

         String securityGroupId;
         try {
-            securityGroupId = createSecurityGroup("burp-vps-proxy", "Allow traffic to port 1080 for the Burp SOCKS Proxy");
+            securityGroupId = createSecurityGroup("Burp", "Allow traffic to port 1080 for the Burp SOCKS Proxy");
         } catch (ProviderException e) {
             throw e;
         }

-        String instanceName = String.format("burp-vps-proxy-%s", RandomString.generate(4));
+        String instanceName = String.format("burp-%s", RandomString.generate(4));
         Tag nameTag = Tag.builder()
             .key("Name")
             .value(instanceName)

Autor: d3mondev (https://github.com/d3mondev/burp-vps-proxy)

PreviousSSTI ASPNextMHL - Food Store

Last updated