Using Axiom to Send Burp Suite Requests to Alternating Proxies

 

When performing large scale attacks with Burp Suite I often find rate limiting to be an issue. Recently, I've been using a quite slick tool by @pry0cc called Axiom to defeat rate limiting by alternating through custom proxies. It can dynamically build a fleet of cloud instances and round-robin proxy requests through them.

I won't go into setting up Axiom in this post, but I will give instructions on how to round-robin requests to an Axiom fleet with Burp. It's quite easy! Many thanks to @pry0cc for the awesome tool and for cluing me in to the --single switch.

Test environment:

Local machine = Ubuntu 20.04 running Burp Suite Pro and Axiom
Cloud = Digital Ocean

Instructions:

1. After you have Burp Suite and Axiom installed/configured, start with spinning up a fleet in the cloud (be aware this may cost you money):

axiom-fleet <fleet-name> -i=<number of instances>

 

2. Next, select the fleet:

axiom-select '<fleet-name>*'
 

(be sure to use the * after the fleet name)

 

3. The next piece is where Axiom creates an SSH tunnel to each of the instances to tunnel SOCKS traffic. Without the --single switch, you will have direct SOCKS connectivity to each of these instances and Axiom will output for you the ports each of the instances are listening on. It will then automagically populate ./proxychains.conf accordingly. This would be useful if you prefer to use proxychains4. But when using the --single switch, localhost listens on port 1337 for SOCKS and then automagically round-robins each request to the cloud instances!!:

axiom-proxy '<fleet-name>*' --single

 

Shaweet!

4. Now all that's left is to configure Burp (or whatever attack tool you're using) to use the SOCKS proxy listening at 127.0.0.1:1337. In Burp, this is done under User Options>SOCKS Proxy. To delete your fleet, just run this: axiom-rm '<fleet-name>*' -f

Update: Edited 04/04/2021 with minor edits and to correct the description of using axiom-proxy without the --single switch.