Add random X-Forwarded-For to bypass API throttling

addHeadersExtension.py

import re
import random

from burp import IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction


class BurpExtender(IBurpExtender, ISessionHandlingAction):

    NAME = "Add X-Forwarded-For"

    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName(self.NAME)

        self.callbacks.registerSessionHandlingAction(self)

    def getActionName(self):
        return self.NAME
    
    def performAction(self, currentRequest, macroItems):
        request_info = self.helpers.analyzeRequest(currentRequest)
        headers = request_info.getHeaders()
        req_body = currentRequest.getRequest()[request_info.getBodyOffset():]
        
        # Bypass throttle IP
        if 'X-Forwarded-For: ' not in headers.toString():
            bypass_ip = '127.0.0.%s' % random.randint(1, 254)
            headers.add('X-Forwarded-For: ' + bypass_ip)

        # Build request with bypass headers
        message = self.helpers.buildHttpMessage(headers, req_body)

        # Update Request with New Header
        currentRequest.setRequest(message)
        return