{"id":13642547,"url":"https://github.com/laluka/bypass-url-parser","last_synced_at":"2026-01-16T19:13:56.042Z","repository":{"id":37753973,"uuid":"422729750","full_name":"laluka/bypass-url-parser","owner":"laluka","description":"bypass-url-parser","archived":false,"fork":false,"pushed_at":"2025-12-27T12:11:19.000Z","size":406,"stargazers_count":1108,"open_issues_count":7,"forks_count":121,"subscribers_count":11,"default_branch":"main","last_synced_at":"2026-01-04T07:50:22.731Z","etag":null,"topics":["bypass","differential","exploit","hacking","offensive","parser","pentest","security","semicolon","tool","tooling","url"],"latest_commit_sha":null,"homepage":"https://linktr.ee/TheLaluka","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/laluka.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-10-29T22:38:45.000Z","updated_at":"2026-01-02T13:16:11.000Z","dependencies_parsed_at":"2024-06-22T21:02:44.442Z","dependency_job_id":"ab08799d-7284-4caa-9a5c-b792e40578f0","html_url":"https://github.com/laluka/bypass-url-parser","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/laluka/bypass-url-parser","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laluka%2Fbypass-url-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laluka%2Fbypass-url-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laluka%2Fbypass-url-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laluka%2Fbypass-url-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/laluka","download_url":"https://codeload.github.com/laluka/bypass-url-parser/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laluka%2Fbypass-url-parser/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28481593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass","differential","exploit","hacking","offensive","parser","pentest","security","semicolon","tool","tooling","url"],"created_at":"2024-08-02T01:01:32.895Z","updated_at":"2026-01-16T19:13:56.014Z","avatar_url":"https://github.com/laluka.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Bypass Url Parser\n\n[![PyPI - Version](https://img.shields.io/pypi/v/bypass-url-parser)](https://pypi.org/project/bypass-url-parser/) [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/bypass-url-parser)](https://pypi.org/project/bypass-url-parser/) [![PyPI - License](https://img.shields.io/pypi/l/bypass-url-parser)](https://github.com/laluka/bypass-url-parser/blob/main/LICENSE) [![pdm-managed](https://img.shields.io/badge/pdm-managed-blueviolet)](https://pdm.fming.dev)\n\nTool that tests `MANY` url bypasses to reach a `40X protected page`.\n\nIf you wonder why this code is `nothing but a dirty curl wrapper`, here's why:\n\n- Most of the python requests do url/path/parameter encoding/decoding, and I hate this.\n- If I submit raw chars, I want raw chars to be sent.\n- If I send a weird path, I want it weird, not normalized.\n\nThis is `surprisingly hard` to achieve in python without loosing all of the lib goodies like parsing, ssl/tls encapsulation and so on. \\\nSo, be like me, use `curl as a backend`, it's gonna be just fine.\n\nAlso, this tool can be used as a library, see [lib_sample_usage.py](lib_sample_usage.py)\n\n## Installation\n\nWe recommend using `pipx` to install this tool:\n\n```bash\npipx install bypass-url-parser\n# or for the latest dev version\npipx install git+https://github.com/laluka/bypass-url-parser\n```\n\nAlternatively, you can use `pip`:\n\n```bash\npip install bypass-url-parser\n```\n\n## Usage\n\n```\nBypass Url Parser, made with love by @TheLaluka\nA tool that tests MANY url bypasses to reach a 40X protected page.\n\nUsage:\n bypass-url-parser (-u \u003cURL\u003e | -R \u003cfile\u003e) [-m \u003cmode\u003e] [-o \u003coutdir\u003e] [-S \u003clevel\u003e] [ (-H \u003cheader\u003e)...] [-r \u003cnum\u003e]\n [-s \u003cip\u003e] [--spoofip-replace] [-p \u003cport\u003e] [--spoofport-replace] [-t \u003cthreads\u003e] [-T \u003ctimeout\u003e]\n [--request-tls] [--jsonl] [--dump-payloads] [-x \u003cproxy_url\u003e] [-v | -d | -dd]\n\nProgram options:\n -u, --url \u003cURL\u003e URL (path is optional) to run bypasses against\n -R, --request \u003cfile\u003e Load HTTP raw request from a file\n -H, --header \u003cheader\u003e Header(s) to use, format: \"Cookie: can_i_haz=fire\"\n -m, --mode \u003cmode\u003e Bypass modes. See 'Bypasser.BYPASS_MODES' in code [Default: all]\n -o, --outdir \u003coutdir\u003e Output directory for results\n -x, --proxy \u003cproxy_url\u003e Set a proxy in the format http://proxy_ip:port.\n -S, --save-level \u003clevel\u003e Save results level. From 0 (DISABLE) to 3 (FULL) [Default: 2]\n -s, --spoofip \u003cip\u003e IP(s) to inject in ip-specific headers\n -p, --spoofport \u003cport\u003e Port(s) to inject in port-specific headers\n -r, --retry \u003cnum\u003e Retry attempts of failed requests. Set 0 to disable all retry tentatives [Default: 1]\n -t, --threads \u003cthreads\u003e Scan with N parallel threads [Default: 1]\n -T, --timeout \u003ctimeout\u003e Request times out after N seconds [Default: 5]\n\nGeneral options:\n -h, --help Show help, you are here :)\n -v, --verbose Verbose output\n -d, --debug Show more details like curl commands generated by this tool\n -dd, --debug Print Debug level 2 (with all classes debug_class output)\n -V, --version Show version info\n\nMisc options:\n --spoofip-replace Disable list of default internal IPs in 'http_headers_ip' bypass mode\n --spoofport-replace Disable list of default internal ports in 'http_headers_port' bypass mode\n --request-tls Force usage of TLS/HTTPS for the request load with the '-R, --request' option\n --dump-payloads Print all payloads (curls) generated by this tool.\n --jsonl Print results in JSON lines format (pipe command output)\n\nExamples:\n bypass-url-parser -u \"http://127.0.0.1/juicy_403_endpoint/\" -s 8.8.8.8 -d\n bypass-url-parser -u /path/urls -t 30 -T 5 -H \"Cookie: me_iz=admin\" -H \"User-agent: test\"\n bypass-url-parser -R /path/request_file --request-tls -m \"mid_paths, end_paths\"\n```\n\n## Expected result\n\n```bash\nbypass-url-parser -u http://127.0.0.1:8000/foo/bar\n2022-08-09 14:52:40 lalu-perso bup[361559] WARNING Trying to bypass 'http://127.0.0.1:8000/foo/bar' url (3213 payloads)...\n2022-08-09 14:52:40 lalu-perso bup[361559] INFO Doing: 50 / 3213\n[...]\n2022-08-09 14:52:54 lalu-perso bup[361559] INFO Doing: 3200 / 3213\n2022-08-09 14:52:54 lalu-perso bup[361559] INFO Retry (1/3) the '16' failed curl commands with 10 threads and 10s timeout\n2022-08-09 14:52:54 lalu-perso bup[361559] INFO Retry (2/3) the '16' failed curl commands with 5 threads and 20s timeout\n2022-08-09 14:52:54 lalu-perso bup[361559] INFO Retry (3/3) the '16' failed curl commands with 1 threads and 30s timeout\n2022-08-09 14:52:55 lalu-perso bup[361559] INFO\n[#####] [bypass_method] [payload] =\u003e [status_code] [content_type] [content_length] [lines_count] [word_counts] [title] [server] [redirect_url]\n[GROUP (1587)] [original_request] [http://127.0.0.1:8000/foo/bar] =\u003e [404] [text/html] [469] [14] [95] [Error response] [SimpleHTTP/0.6 Python/3.8.10] []\n[GROUP (10)] [http_methods] [-X CONNECT http://127.0.0.1:8000/foo/bar] =\u003e [501] [text/html] [500] [14] [96] [Error response] [SimpleHTTP/0.6 Python/3.8.10] []\n[SINGLE] [mid_paths] [http://127.0.0.1:8000/???foo/bar] =\u003e [200] [text/html] [913] [26] [27] [Directory listing for /???foo/bar] [SimpleHTTP/0.6 Python/3.8.10] []\n[SINGLE] [mid_paths] [http://127.0.0.1:8000//???foo/bar] =\u003e [301] [] [] [0] [0] [] [SimpleHTTP/0.6 Python/3.8.10] [/???foo/bar]\n[SINGLE] [mid_paths] [http://127.0.0.1:8000/??foo/bar] =\u003e [200] [text/html] [911] [26] [27] [Directory listing for /??foo/bar] [SimpleHTTP/0.6 Python/3.8.10] []\n[SINGLE] [mid_paths] [http://127.0.0.1:8000//??foo/bar] =\u003e [301] [] [] [0] [0] [] [SimpleHTTP/0.6 Python/3.8.10] [/??foo/bar]\n[SINGLE] [mid_paths] [http://127.0.0.1:8000/?foo/bar] =\u003e [200] [text/html] [909] [26] [27] [Directory listing for /?foo/bar] [SimpleHTTP/0.6 Python/3.8.10] []\n[SINGLE] [mid_paths] [http://127.0.0.1:8000//?foo/bar] =\u003e [301] [] [] [0] [0] [] [SimpleHTTP/0.6 Python/3.8.10] [/?foo/bar]\n[SINGLE] [mid_paths] [http://127.0.0.1:8000///?anythingfoo/bar] =\u003e [200] [text/html] [929] [26] [27] [Directory listing for ///?anythingfoo/bar] [SimpleHTTP/0.6 Python/3.8.10] []\n[SINGLE] [mid_paths] [http://127.0.0.1:8000////?anythingfoo/bar] =\u003e [200] [text/html] [931] [26] [27] [Directory listing for ////?anythingfoo/bar] [SimpleHTTP/0.6 Python/3.8.10] []\n[GROUP (2)] [mid_paths] [http://127.0.0.1:8000/#?foo/bar] =\u003e [200] [text/html] [893] [26] [27] [Directory listing for /] [SimpleHTTP/0.6 Python/3.8.10] []\n[GROUP (2)] [mid_paths] [http://127.0.0.1:8000//#?foo/bar] =\u003e [301] [] [] [0] [0] [] [SimpleHTTP/0.6 Python/3.8.10] [/]\n```\n\n## Setup\n\n### LINUX\n\n```bash\n# Deps\nsudo apt install -y bat curl virtualenv python3\n# Tool\nvirtualenv -p python3 .py3\nsource .py3/bin/activate\nPDM_BUILD_SCM_VERSION=\"$(git describe --abbrev=0)-dev\" pip install .\n# If bup installed globally, use\npython src/bypass_url_parser/__init__.py -u https://thinkloveshare.com/juicy_403_endpoint/\n# Else this should work\nbypass-url-parser -u https://thinkloveshare.com/juicy_403_endpoint/\ncat /tmp/tmpRANDOM-bypass-url-parser/triaged-bypass.json | jq -r '.results[].request_curl_cmd'\ncat /tmp/tmpRANDOM-bypass-url-parser/triaged-bypass.json | jq -r '.results[].response_data'\n```\n\n### DOCKER\n\n```bash\ndocker run --rm -it -v \"$PWD:/host\" -w /host ghcr.io/laluka/bypass-url-parser:latest bash -il\n# Then bup -h, keep the docker open as the output is saved by default in /tmp\n# Or specify the output to the current directory, and consult them later! :)\n```\n\n## More about supported arguments\n\n### Arguments parsing\n\nBypass_url_parser allows to define some arguments in many ways:\n\n- `-m, --mode`, `-s, --spoofip` and `-p, --spoofport` arguments can be a filename, a string, a comma-separated string list or a list (when `Bypasser` is used as a library);\n- `-u, --url` argument can be a filename, a string or a list (when `Bypasser` is used as a library);\n- `stdin` (with `-`) is supported for all these arguments.\n\nFor example, if you want to define several target urls (`-u, --url`), all the following commands produce the same result:\n\n```bash\nbypass-url-parser -u http://thinkloveshare.com/test\nbypass-url-parser -u /path/urls\ncat /path/urls | bypass-url-parser -u -\necho 'http://thinkloveshare.com/test' | bypass-url-parser -u -\n```\n\n### Target definition\n\nA target must be defined for the tool to work. 2 options:\n\n- `-u, --url`: URL(s), in GET\n- `-R, --request`: Request file. The protocol can't be guessed from file, so `http` by default or `https` if `--request-tls` option is present.\n\n### Bypass mode\n\nIf `-m, --mode` is specified, you can select the desired bypass mode to run a specific test (or tests) and reduce the number of requests sent by the tool.\n\nFor now, the following bypass mode(s) are supported:\n\n```\nall, mid_paths, end_paths, case_substitution, char_encode, http_methods, http_versions, http_headers_method, http_headers_scheme, http_headers_ip, http_headers_port, http_headers_url, user_agent\n```\n\nExample:\n\n```bash\nbypass-url-parser -u /path/urls -m \"case_substitution, char_encode, http_headers_scheme\"\n```\n\n### Spoofip / Spoofport\n\nIn order to customize the ip addresses and ports used in bypass attempts, the tool supports the following options:\n\n- With `-s, --spoofip` you can set some IP(s) to inject into `ip-specific` headers (`X-Forwarded-For`, `X-Real-Ip`, etc.)\n- With `-p, --spoofport` you can set some ports to inject into `port-specific` headers (`X-Forwarded-Port`)\n\nBy default, these custom entries are added to the internal IP/port lists. If you want to use only your IP(s)/port(s), you can use `--spoofip-replace` and/or `--spoofport-replace` arguments.\n\nExample:\n\n```bash\nbypass-url-parser -u /path/urls -s /path/custom_ip --spoofip-replace\nbypass-url-parser -u /path/urls -p \"3000, 9443, 10443\"\n```\n\n### JSON-Lines output and command piping\n\nWith the `--jsonl` option, it's possible to print the results on `stdout` in `JSON-Lines` format. The standard tool's output and results are displayed with a logger on `stderr`, so it is possible to pipe the `JSON-Line` output format with other tools:\n\n```bash\nbypass-url-parser -u \"https://thinkloveshare.com/juicy_403_endpoint/\" -t 20 -S 0 -m case_substitution,char_encode --jsonl | jq\n```\n\n***Notes:** With `-S 2` ou `-S 3`, the JSON-Lines output also includes the path and the name of saved html files.*\n\n### Results saving\n\nBy default, if target url is unique, the tool saves a copy of the results in `/tmp/tmpXXX-bypass-url-parser/` directory.\n\n***Notes:** If multiple target urls are passed to `-u`, results are prefixed with the url as directory (`/tmp/tmpXXX-bypass-url-parser/http-target-com-8080-api-users/`).*\n\nThere are two arguments to customize this behavior:\n\n- `-o, --outdir` to set a custom output directory\n- `-S, --save-level` to choose a saving level\n\nThe saving levels are:\n\n- `0` (NONE): Disable output saving and output directory creation;\n- `1` (MINIMAL): Only save the program log file which contains the results: `triaged-bypass.log`;\n- `2` (PERTINENT): Save the program log file `triaged-bypass.log` and **pertinent (results)** curl responses in `triaged-bypass.json` file and separate html files (Default);\n- `3` (FULL): Save the program log file `triaged-bypass.log` and **all** curl responses in `triaged-bypass.json` file and separate html files.\n\n#### Example\n\n```bash\nbypass-url-parser -S 0\nbypass-url-parser -S 1 -o /tmp/bypass-res\nbypass-url-parser -S 2 -o /tmp/bypass-res2 -H \"User-Agent: curl 7.74.0\" -u http://thinkloveshare.com/juicy_403_endpoint/\ntree /tmp/bypass-res2/\n├── bypass-2469eecf6c38b5817d2248e911ad4382.html\n├── bypass-6f7cce7caf0a0a4b440859fa189d496d.html\n├── bypass-80f4ab5d32b4e74c20630c7e67f2e42f.html\n├── bypass-93079abffe63d34f79ac4a511cd6b5e6.html\n├── bypass-945822230d58d1ad4680d5dfbc470ecb.html\n├── bypass-e6118c315eea0e5b2ebc4fcafe0559c0.html\n├── triaged-bypass.json\n└── triaged-bypass.log\n\n0 directories, 8 files\n```\n\n#### Results export\n\nStarting from `MINIMAL` level, the results displayed by the program are saved in the `triaged-bypass.log` file.\n\n#### JSON export\n\nWith `PERTINENT` and `FULL` saving levels, the program additionally exports all results in the `triaged-bypass.json` file:\n\n```json\n{\n \"url\": \"http://thinkloveshare.com/juicy_403_endpoint/\",\n \"bypass_modes\": \"all\",\n \"results\": [\n {\n \"request_curl_cmd\": \"/usr/bin/curl -sS -kgi -H 'User-Agent: curl 7.74.0' --path-as-is -H 'X-BlueCoat-Via: localhos[...SNIP...]\",\n \"request_curl_payload\": \"-H X-BlueCoat-Via: localhost http://thinkloveshare.com/juicy_403_endpoint/\",\n \"response_headers\": \"HTTP/1.1 301 Moved Permanently\\nConnection: keep-alive\\nContent-Length: 162\\nServer: GitHub.c[...SNIP...]\",\n \"response_data\": \"\u003chtml\u003e\\n\u003chead\u003e\u003ctitle\u003e301 Moved Permanently\u003c/title\u003e\u003c/head\u003e\\n\u003cbody\u003e\\n\u003ccenter\u003e\u003ch1\u003e301 Moved Permane[...SNIP...]\",\n \"response_status_code\": 301,\n \"response_content_type\": \"text/html\",\n \"response_content_length\": 162,\n \"response_lines_count\": 7,\n \"response_words_count\": 4,\n \"response_title\": \"301 Moved Permanently\",\n \"response_server_type\": \"GitHub.com\",\n \"response_redirect_url\": \"https://thinkloveshare.com/juicy_403_endpoint/\",\n \"response_html_filename\": \"bypass-e6118c315eea0e5b2ebc4fcafe0559c0.html\"\n },\n {\n \"request_curl_cmd\": \"/usr/bin/curl -sS -kgi -H 'User-Agent: curl 7.74.0' --path-as-is -X PROPFIND http://thinklove[...SNIP...]\",\n \"request_curl_payload\": \"-X PROPFIND http://thinkloveshare.com/juicy_403_endpoint/\",\n \"response_headers\": \"HTTP/1.1 405 Method Not Allowed\\nConnection: close\\nContent-Length: 131\\nServer: Varnish\\nRet[...SNIP...]\",\n \"response_data\": \"\u003chtml\u003e\\n\u003chead\u003e\u003ctitle\u003e405 Not Allowed\u003c/title\u003e\u003c/head\u003e\\n\u003cbody bgcolor=\\\"white\\\"\u003e\\n\u003ccenter\u003e\u003ch1\u003e405 N[...SNIP...]\",\n \"response_status_code\": 405,\n \"response_content_type\": \"\",\n \"response_content_length\": 131,\n \"response_lines_count\": 5,\n \"response_words_count\": 5,\n \"response_title\": \"405 Not Allowed\",\n \"response_server_type\": \"Varnish\",\n \"response_redirect_url\": \"\",\n \"response_html_filename\": \"bypass-945822230d58d1ad4680d5dfbc470ecb.html\"\n },\n { \"...\": \"[...SNIP...]\"},\n {\n \"request_curl_cmd\": \"/usr/bin/curl -sS -kgi -H 'User-Agent: curl 7.74.0' --path-as-is 'http://thinkloveshare.com/j[...SNIP...]\",\n \"request_curl_payload\": \"http://thinkloveshare.com/juicy_403_endpoint/\\u00b0//\",\n \"response_headers\": \"HTTP/1.1 400 Bad request\\nConnection: keep-alive\\nContent-Length: 90\\nCache-Control: no-cache[...SNIP...]\",\n \"response_data\": \"\u003chtml\u003e\u003cbody\u003e\u003ch1\u003e400 Bad request\u003c/h1\u003e\\nYour browser sent an invalid request.\\n\u003c/body\u003e\u003c/html\u003e\\n\",\n \"response_status_code\": 400,\n \"response_content_type\": \"text/html\",\n \"response_content_length\": 90,\n \"response_lines_count\": 3,\n \"response_words_count\": 7,\n \"response_title\": \"\",\n \"response_server_type\": \"\",\n \"response_redirect_url\": \"\",\n \"response_html_filename\": \"bypass-2469eecf6c38b5817d2248e911ad4382.html\"\n }\n ]\n}\n```\n\nMaking them easier to handle with `jq`:\n\n```bash\n$ jq -r '.results[] | [.request_curl_payload, .response_status_code, .response_content_type, .response_content_length] | join(\"|\")' /tmp/bypass-res2/triaged-bypass.json\n\n-H X-BlueCoat-Via: localhost http://thinkloveshare.com/juicy_403_endpoint/|301|text/html|162\n-X PROPFIND http://thinkloveshare.com/juicy_403_endpoint/|405||131\nhttp://thinkloveshare.com/%3b%2f%2e%2e%2f%2e%2e%2f%2fjuicy_403_endpoint/|400|text/html|9121\n-H Host: 8.8.8.8 http://thinkloveshare.com/juicy_403_endpoint/|404|text/html|9115\n-X CONNECT http://thinkloveshare.com/juicy_403_endpoint/|400|text/plain|15\nhttp://thinkloveshare.com/juicy_403_endpoint/°//|400|text/html|90\n```\n\n#### HTML files\n\nWith `PERTINENT` and `FULL` saving levels, curl commands and full HTTP responses are also stored in pseudo `.html` files:\n\n```bash\n$ echo /tmp/bypass-res2/*.html | xargs batcat\n───────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n │ File: /tmp/bypass-res2/bypass-2469eecf6c38b5817d2248e911ad4382.html\n───────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n 1 │ /usr/bin/curl -sS -kgi -H 'User-Agent: curl 7.74.0' --path-as-is 'http://thinkloveshare.com/juicy_403_endpoint/°//'\n 2 │\n 3 │ HTTP/1.1 400 Bad request\n 4 │ Connection: keep-alive\n 5 │ Content-Length: 90\n 6 │ Cache-Control: no-cache\n 7 │ Content-Type: text/html\n 8 │ Accept-Ranges: bytes\n 9 │ Date: Tue, 25 Apr 2023 23:51:38 GMT\n 10 │ Via: 1.1 varnish\n 11 │ X-Served-By: cache-par-lfpg1960025-PAR\n 12 │ X-Cache: MISS\n 13 │ X-Cache-Hits: 0\n 14 │ X-Timer: S1682466698.230664,VS0,VE10\n 15 │ Vary: Accept-Encoding\n 16 │ X-Fastly-Request-ID: b6bbb82302420db4f101a316dca39cc283a4fd44\n 17 │\n 18 │ \u003chtml\u003e\u003cbody\u003e\u003ch1\u003e400 Bad request\u003c/h1\u003e\n 19 │ Your browser sent an invalid request.\n 20 │ \u003c/body\u003e\u003c/html\u003e\n───────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n───────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n │ File: /tmp/bypass-res2/bypass-6f7cce7caf0a0a4b440859fa189d496d.html\n───────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n 1 │ /usr/bin/curl -sS -kgi -H 'User-Agent: curl 7.74.0' --path-as-is -X CONNECT http://thinkloveshare.com/juicy_403_endpoint/\n 2 │\n 3 │ HTTP/1.1 400 Bad Request\n 4 │ Connection: close\n 5 │ Content-Length: 15\n 6 │ content-type: text/plain; charset=utf-8\n 7 │ x-served-by: cache-par-lfpg1960083\n 8 │\n 9 │ invalid request\n───────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n───────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n │ File: /tmp/bypass-res2/bypass-80f4ab5d32b4e74c20630c7e67f2e42f.html\n───────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────\n 1 │ /usr/bin/curl -sS -kgi -H 'User-Agent: curl 7.74.0' --path-as-is http://thinkloveshare.com/%3b%2f%2e%2e%2f%2e%2e%2f%2fjuicy_403_endpoint/\n 2 │\n 3 │ HTTP/1.1 400 Bad Request\n 4 │ Connection: keep-alive\n 5 │ Content-Length: 9121\n 6 │ Server: GitHub.com\n 7 │ Content-Type: text/html; charset=utf-8\n 8 │ ETag: \"64417b9f-23a1\"\n 9 │ Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'\n 10 │ X-GitHub-Request-Id: 598E:F13E:26EE27D:284F5D2:64486731\n 11 │ Accept-Ranges: bytes\n 12 │ Date: Tue, 25 Apr 2023 23:50:11 GMT\n 13 │ Via: 1.1 varnish\n 14 │ X-Served-By: cache-par-lfpg1960046-PAR\n 15 │ X-Cache: MISS\n 16 │ X-Cache-Hits: 0\n 17 │ X-Timer: S1682466611.396077,VS0,VE101\n 18 │ Vary: Accept-Encoding\n 19 │ X-Fastly-Request-ID: 30bd6af5892c40da130ee49bbeacd147a1a6b3c3\n 20 │\n 21 │ \u003c!DOCTYPE html\u003e\n 22 │ \u003chtml\u003e\n 23 │ \u003chead\u003e\n 24 │ \u003cmeta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\"\u003e\n 25 │ \u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'\"\u003e\n 26 │ \u003ctitle\u003eBad request \u0026middot; GitHub Pages\u003c/title\u003e\n 27 │ \u003cstyle type=\"text/css\" media=\"screen\"\u003e\n[...SNIP...]\n```\n\n## Contributors\n\n- Initial release by [@TheLaluka](https://twitter.com/TheLaluka)\n- Huge refactoring \u0026 lib-mode with thanks to [@jtop_fap](https://twitter.com/jtop_fap)\n- Support for `Docker` \u0026 `Pypi` builds with the kind work of [@DugnyG](https://twitter.com/DugnyG)\n\n## License\n\nCopyright (C) 2022 Laluka\n\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\n\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.\n\nYou should have received a copy of the GNU Affero General Public License along with this program. If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaluka%2Fbypass-url-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaluka%2Fbypass-url-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaluka%2Fbypass-url-parser/lists"}