From 69453623b2202ea77a1bb404a2a66da0b0fd9a4a Mon Sep 17 00:00:00 2001 From: d4d Date: Fri, 26 Jul 2024 12:56:34 +0100 Subject: [PATCH] Update README.md --- README.md | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 528cedf..fe24df8 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,27 @@ -# bypass-bot-detection +# Bypass bot detection Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection + +## Build Instructions + +* Ensure that Java JDK 17 or newer is installed +* From root of project, run the command `./gradlew jar` +* This should place the JAR file `Bypass-Bot-Detection-0.0.1.jar` within the `build/libs` directory +* This can be loaded into Burp by navigating to the `Extensions` tab, `Installed` sub-tab, clicking `Add` and loading + the JAR file +* This BApp is using the newer Montoya API, so it's best to use the latest version of Burp (try the earlier adopter + channel if there are issues with the latest stable release) + +## Usage +1. Install the extension. +2. The extension requires enabling custom Network TLS settings. Navigate to Settings -> Network -> TLS and select `Use custom protocols and cipher`. +3. Right-click on a Request/Response item in the Proxy History tab, navigate to Extensions -> Bypass bot detection, and select one of the menu items. +4. If the server's response changes (i.e., the number of words and headers are different), the extension will log the message and add notes to the Proxy History. + +### Modes +- **Firefox Mode**: Install the following list of cipher suites: 4865, 4867, 4866, 49195, 49199, 52393, 52392, 49196, 49200, 49162, 49161, 49171, 49172, 156, 157, 47, 53 and add the Firefox User-Agent header. +- **Chrome Mode**: Use cipher suites 4865, 4866, 4867, 49195, 49199, 49196, 49200, 52393, 52392, 49171, 49172, 156, 157, 47, 53 and add the Chrome User-Agent header. +- **Safari Mode**: Include cipher suites 4865, 4866, 4867, 49196, 49195, 52393, 49200, 49199, 52392, 49162, 49161, 49172, 49171, 157, 156, 53, 47, 49160, 49170, 10 and add the Safari User-Agent header. +- **Brute Force Mode**: Tries different combinations of TLS protocol versions and cipher suites. For a full list, visit: [PortSwigger/bypass-bot-detection](https://github.com/PortSwigger/bypass-bot-detection/blob/d677ad52a3cad97aa51b39b66976e35490cef76d/src/main/java/net/portswigger/burp/extensions/Constants.java#L88). + +## Warning +The extension modifies network settings during brute force attacks. It is not recommended to use this extension concurrently with other active scans.