Bypass Bot Detection

This extension mutates ciphers to bypass TLS-fingerprint based bot detection.

Usage

Note: This extension changes network settings at "Settings -> Network -> TLS" and selects "Use custom protocols and ciphers".

1. Right-click on a Request/Response item in the Proxy History tab
2. Navigate to Extensions -> Bypass bot detection, and select one of the menu items
3. f the server's response changes (i.e., the number of words and headers are different), the extension will log the message and add notes to the Proxy History

Modes

• Firefox Mode: Install the following list of cipher suites: 4865, 4867, 4866, 49195, 49199, 52393, 52392, 49196, 49200, 49162, 49161, 49171, 49172, 156, 157, 47, 53 and add the Firefox User-Agent header
• Chrome Mode: Use cipher suites 4865, 4866, 4867, 49195, 49199, 49196, 49200, 52393, 52392, 49171, 49172, 156, 157, 47, 53 and add the Chrome User-Agent header
• Safari Mode: Include cipher suites 4865, 4866, 4867, 49196, 49195, 52393, 49200, 49199, 52392, 49162, 49161, 49172, 49171, 157, 156, 53, 47, 49160, 49170, 10 and add the Safari User-Agent header
• HTTP2 Downgrade: By default, Burp uses HTTP/2 to communicate with all servers that advertise support for it during the TLS handshake. When this feature is selected, Burp Suite will use HTTP/1 even if the server supports HTTP/2. It allows you to bypass aggressive HTTP/2 fingerprinting
• Brute Force Mode: Tries different combinations of TLS protocol versions and cipher suites. For a full list, visit PortSwigger/bypass-bot-detection

Warning

This extension modifies network settings during brute force attacks. It is not recommended to use this extension concurrently with other active scans.

This extension cannot bypass aggressive bot detection.

Copyright © 2024-2025 PortSwigger Ltd.