Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/carlospolop/fuzzhttpbypass

This tool use fuuzzing to try to bypass unknown authentication methods, who knows...
https://github.com/carlospolop/fuzzhttpbypass

authentication bypass fuzzing http wfuzz

Last synced: 7 days ago
JSON representation

This tool use fuuzzing to try to bypass unknown authentication methods, who knows...

Awesome Lists containing this project

README

        

# FuzzHTTPBypass

This tool use fuuzzing to try to bypass unknown authentication methods, who knows...

This is mainly for CTFs.

## Installation

You only need to have installed **wfuzz**

```bash
pip3 install wfuzz
```

## Features

- [+] Get and show **GET code**, **cookies sent** by server and **content if redirect** (all of this in the provided url)
- [+] Fuzz **HTTP Verbs(Methods)**: *GET, HEAD, POST, DELETE, CONNECT, OPTIONS, TRACE, PUT, INVENTED*
- [+] Fuzz **HTTP Headers**: *Forwarded, X-Forwarded-For, X-ProxyUser-Ip, Referer, User-Agent, Cookies*
- [+] Fuzz **HTTP Authentication**: *Basic and NTLM*
- [+] **Filter** by code or by words (appearing or not)
- [+] **Autocontained**

## Example

Show responses that do not return code 403 of url http://example.com/index.php

`./fuzzhttpbypass.py -f notcontains,403 -u http://example.com/index.php`

Responses that do not contains the code 240 (show all) in http://example.com/index.php

`./fuzzhttpbypass.py -f notcontains,240 -u http://example.com/index.php`

Responses that do not contains the word "Invalid" in http://example.com/index.php (Currently, the Wfuzz API has problems with spaces so we can't use them)

`./fuzzhttpbypass.py -f notcontains,Invalid -u http://example.com/index.php`