Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/infosec-au/enumXFF

Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
https://github.com/infosec-au/enumXFF

Last synced: 3 months ago
JSON representation

Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions

Lists

README 

        
All you need to do is run the tool from the terminal giving the following input:



- Page to attempt (`http/https://website.com/page`)

- The content length of the response that you get when you are denied

- The IP range you wish the tool to attempt through `X-Forwarded-For`



The tool will then simply request the given page with a range of IP addresses and then determine whether or not access to the said page is still forbidden.



`python enumXFF.py -t http://sketchysite.com/admin -badcl 234 -r 192.168.0.0-192.168.255.255`



The above command will attempt to request `http://sketchysite.com/admin` with all IP addresses in the range `192.168.0.0-192.168.255.255`. The python script takes advantage of asynchronous HTTP requests via the `requests-futures` module and hence should be fairly quick. Note, this tool only functions on Python2.



In addition to this, the enumXFF project on Github also contains a script called `generateIPs.py`. This will simply generate a list of comma delimited IP addresses that can be input directly to Burp's Intruder. If the tool isn't the best way for you, Burp's Intruder is a reliable option to fall back on.



To generate the IPs for the range 192.168.0.0-192.168.255.255, you would need to use the following command:



`python3 generateIPs.py -r 192.168.0.0-192.168.255.255 -o burp_xff_ips.txt`



Refer to this blog post for further details: https://shubh.am/enumerating-ips-in-x-forwarded-headers-to-bypass-403-restrictions/