Skip to content

sleeyax/burp-awesome-tls

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

96 Commits

.github

.github

 
 

docs

docs

 
 

gradle/wrapper

gradle/wrapper

 
 

src-go/server

src-go/server

 
 

src/main/java/burp

src/main/java/burp

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.gradle

build.gradle

 
 

build.sh

build.sh

 
 

gradlew

gradlew

 
 

gradlew.bat

gradlew.bat

 
 

settings.gradle

settings.gradle

 
 

Repository files navigation

Awesome TLS

This extension hijacks Burp's HTTP and TLS stack, allowing you to spoof any browser TLS fingerprint (JA3). It boosts the power of Burp Suite while reducing the likelihood of fingerprinting by various WAFs like CloudFlare, PerimeterX, Akamai, DataDome, etc.

It does this without resorting to hacks, reflection or forked Burp Suite Community code. All code in this repository only leverages Burp's official Extender API.

screenshot

Sponsors

scrapfly.io logo

Scrapfly is an enterprise-grade solution providing Web Scraping API that aims to simplify the scraping process by managing everything: real browser rendering, rotating proxies, and fingerprints (TLS, HTTP, browser) to bypass all major anti-bots. Scrapfly also unlocks observability by providing an analytical dashboard and measuring the success rate/block rate in detail.

Scrapfly is a good solution if you are looking for a robust solution to access the website behind WAF for web scraping use cases - We also provide a set of tools to verify your TLS fingerprint and HTTP/2 Fingerprint.

Maintenance of this project is made possible by all the lovely contributors and sponsors. If you'd like to sponsor this project and have your avatar or company logo appear in this section, click here. 💖

Showcase

CloudFlare bot score:

cloudflare bot score of Burp Pro cloudflare bot score of Awesome TLS

This is just one example. If you tested with another dedicated bot detection site, let me know your results!

How it works

Unfortunately Burp's Extender API is very limited for more advanced use cases like this, so I had to play around with it to make this work.

Once a request comes in, the extension intercepts it and forwards it to a local HTTPS server that started in the background (once the extension loaded). This server works like a proxy; it forwards the request to the destination, while persisting the original header order and applying a customizable TLS configuration. Then, the local server forwards the response back to Burp. The response header order is also preserved.

Configuration settings and other necessary information like the destination server address and protocol are sent to the local server per request by a magic header. This magic header is stripped from the request before it's forwarded to the destination server, of course.

diagram

ℹ️ Another option would've been to code an upstream proxy server and connect burp to it, but I personally needed an extension for customization and portability.

Installation

  1. Download the jar file for your operating system from releases. You can also download a fat jar, which works on all platforms supported by Awesome TLS. This means it's also portable and could be loaded from a USB for cross-platform access.
  2. Open burp (pro or community), go to Extender > Extensions and click on 'Add'. Then, select Java as the extension type and browse to the jar file you just downloaded. Click 'Next' at the bottom, and it should load the extension without any errors.
  3. Check your new 'Awesome TLS' tab in Burp for configuration settings and start hacking!

Configuration

This extension is 'plug and play' and should speak for itself. You can hover with your mouse over each field in the 'Awesome TLS' tab for more information about each field.

To load your custom Client Hello, you can capture it in Wireshark, copy client hello record as hex stream and paste it into the field "Hex Client Hello". screenshot

Advanced usage

In the 'advanced' tab, you can enable an additional proxy listener that will automatically apply the current fingerprint from the request:

screenshot

When enabled, the diagram changes to this:

diagram

Manual build Instructions

This extension was developed with JetBrains IntelliJ (and GoLand) IDE. The build instructions below assume you're using the same tools to build. See workflows for the target programming language versions.

  1. Compile the go package within ./src-go/. Run cd ./src-go/server && go build -o ../../src/main/resources/{OS}-{ARCH}/server.{EXT} -buildmode=c-shared ./cmd/main.go, replacing {OS}-{ARCH} with your OS and CPU architecture and {EXT} with your platform's preferred extension for dynamic C libraries. For example: linux-x86-64/server.so. See the JNA docs for more info about supported platforms.
  2. Compile the GUI form SettingsTab.form into Java code via Build > Build project.
  3. Build the jar with Gradle: gradle buildJar.

You should now have one jar file (usually located at ./build/libs) that works with Burp on your operating system.

Credits

Special thanks to the maintainers of the following repositories:

And the creators of the following websites:

License

GPL V3

About

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

Topics

java go tls golang burp utls burpsuite burp-extensions ja3 tls-fingerprint burp-suite ja3-fingerprint burp-waf burp-cloudflare-bypass burp-ja3

Resources

Readme

License

GPL-3.0 license
Activity

Stars

959 stars

Watchers

14 watching

Forks

63 forks
Report repository

Releases 22

v1.2.2 Latest
May 1, 2024
+ 21 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Contributors 5

Languages