Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/p0dalirius/ipsourcebypass

This Python script can be used to bypass IP source restrictions using HTTP headers.
https://github.com/p0dalirius/ipsourcebypass

bugbounty bypass headers http ip pentesting python tool

Last synced: 3 months ago
JSON representation

This Python script can be used to bypass IP source restrictions using HTTP headers.

Host: GitHub
URL: https://github.com/p0dalirius/ipsourcebypass
Owner: p0dalirius
Created: 2021-10-10T13:41:45.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2023-10-02T07:46:36.000Z (9 months ago)
Last Synced: 2024-01-16T12:31:24.185Z (5 months ago)
Topics: bugbounty, bypass, headers, http, ip, pentesting, python, tool
Language: Python
Homepage: https://podalirius.net/
Size: 171 KB
Stars: 359
Watchers: 5
Forks: 54
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml

Lists

awesome-stars - p0dalirius/ipsourcebypass - This Python script can be used to bypass IP source restrictions using HTTP headers. (Python)
awesome-hacking-lists - p0dalirius/ipsourcebypass - This Python script can be used to bypass IP source restrictions using HTTP headers. (Python)

README

        ![](./.github/banner.png)



  This Python script can be used to bypass IP source restrictions using HTTP headers.

  


  

  

  

  




![](./.github/four_results.png)

## Features

 - [x] 17 HTTP headers.

 - [x] Multithreading.

 - [x] JSON export with `--json outputfile.json`.

 - [x] Auto-detecting most successful bypasses.

## Usage

```

$ ./ipsourcebypass.py -h

[~] IP source bypass using HTTP headers, v1.2

usage: ipsourcebypass.py [-h] [-v] -i IP [-t THREADS] [-x PROXY] [-k] [-L] [-j JSONFILE] [-C] [-H HEADERS] [-S] url

This Python script can be used to test for IP source bypass using HTTP headers

positional arguments:

  url                   e.g. https://example.com:port/path

optional arguments:

  -h, --help            show this help message and exit

  -v, --verbose         arg1 help message

  -i IP, --ip IP        IP to spoof.

  -t THREADS, --threads THREADS

                        Number of threads (default: 5)

  -x PROXY, --proxy PROXY

                        Specify a proxy to use for requests (e.g., http://localhost:8080)

  -k, --insecure        Allow insecure server connections when using SSL (default: False)

  -L, --location        Follow redirects (default: False)

  -j JSONFILE, --jsonfile JSONFILE

                        Save results to specified JSON file.

  -C, --curl            Generate curl commands for each request.

  -H HEADERS, --header HEADERS

                        arg1 help message

  -S, --save            Save all HTML responses.

```

## Auto-detecting responses that stands out

Results are sorted by uniqueness of their response's length. This means that the results with unique response length will be on top, and results with response's length occurring multiple times at the bottom: 

| Two different result lengths | Four different result lengths  |

|------------------------------|--------------------------------|

| ![](./.github/two_results.png) | ![](./.github/four_results.png) |

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.