Burp dynamic header in Intruder

A. Add a Payload Processing Rule

  1. Click "Add" under Payload Processing.

  2. Select Rule Type: Choose the rule type as "Add Prefix" (or any rule that suits how you want to format the X-Forwarded-For header).

  3. In the dialog box that appears:

    • Choose "Replace" for replacing the existing value of the X-Forwarded-For header.

    • Dynamic Input: Create a function or rule that generates a new random IP address for every request.

    You can either:

    • Use Payload and select the IP Address generator.

    • Or create a custom list of IPs to cycle through using the payload list.

Last updated