bscp notes

Burp dynamic header in Intruder

A. Add a Payload Processing Rule

  1. Click "Add" under Payload Processing.

  2. Select the rule type: choose "Add Prefix" (or any rule that suits how you want to format the X-Forwarded-For header).

  3. In the dialog box that appears:

    • Choose "Replace" to replace the existing value of the X-Forwarded-For header.

    • Dynamic Input: Create a function or rule that generates a new random IP address for every request.

    You can either:

    • Use Payload and select the IP Address generator.

    • Or create a custom list of IPs to cycle through using the payload list.
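Server-side view of requests whose X-Forwarded-For value changes on every request, as configured above. This is an added example, not part of the original notes: it compares a resolver that believes the header with one that only accepts it from a trusted proxy, and flags clients whose claimed address keeps changing. The proxy range, the addresses, the function names and the use of the resolved IP as a rate-limit key are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only reverse proxies allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def naive_client_ip(peer, xff):
    """Weak: believes the leftmost X-Forwarded-For value, which the client controls."""
    return xff.split(",")[0].strip() if xff else peer

def hardened_client_ip(peer, xff):
    """Use the header only when the TCP peer is a trusted proxy, and walk it
    right to left, stopping at the first hop that is not a trusted proxy."""
    if not xff or not is_trusted(peer):
        return peer
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed hop: stop trusting the header
    return peer

def rate_limit_keys(requests, resolver):
    """Distinct rate-limit buckets a set of requests is spread over."""
    return {resolver(peer, xff) for peer, xff in requests}

def rotating_clients(requests, threshold=5):
    """Detection: resolved clients that claimed many different leftmost XFF values."""
    claimed = defaultdict(set)
    for peer, xff in requests:
        if xff:
            claimed[hardened_client_ip(peer, xff)].add(xff.split(",")[0].strip())
    return {ip: len(v) for ip, v in claimed.items() if len(v) >= threshold}

# Constructed sample: client 203.0.113.7 sends 20 requests, each with a new header
# value, first straight to the app and then through proxy 10.0.0.5, which appends
# the real peer address to the header.
DIRECT = [("203.0.113.7", f"198.51.100.{i}") for i in range(1, 21)]
VIA_PROXY = [("10.0.0.5", f"198.51.100.{i}, 203.0.113.7") for i in range(1, 21)]

if __name__ == "__main__":
    for name, reqs in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        print(name, len(rate_limit_keys(reqs, naive_client_ip)),
              rate_limit_keys(reqs, hardened_client_ip), rotating_clients(reqs))
```

With the naive resolver the 20 requests land in 20 separate buckets; with the hardened resolver they all count against 203.0.113.7, and the same client is reported by `rotating_clients`.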


Last updated 8 months ago