Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/davemolk/bye403
bypass 403 responses (or try to). you can bypass other responses as well (or try to).
https://github.com/davemolk/bye403
403 403-bypass go golang hacking pentesting pentesting-tools recon security
Last synced: 16 days ago
JSON representation
bypass 403 responses (or try to). you can bypass other responses as well (or try to).
- Host: GitHub
- URL: https://github.com/davemolk/bye403
- Owner: davemolk
- License: mit
- Created: 2023-01-02T03:16:35.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-02-01T13:04:47.000Z (almost 2 years ago)
- Last Synced: 2024-06-21T13:08:08.660Z (6 months ago)
- Topics: 403, 403-bypass, go, golang, hacking, pentesting, pentesting-tools, recon, security
- Language: Go
- Homepage:
- Size: 28.3 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# bye403
bypass 403 responses (or try to)## Overview
By default, bye403 uses a combination of path, header, and method manipulation in the attempt to bypass a 403 response. Any non-403 response is considered a success, although you can filter by status code to determine what gets printed to stdout.## Examples
bye403 has a default url of https://www.example.com/secret. Here's a sample of what's printed to stdout without adding any additional flags:
```
404: GET request
http://www.example.com/secret/.404: GET request
https://www.example.com/secret
headers: [X-Remote-IP localhost:443]501: REBIND request
https://www.example.com/secret404: GET request
http://www.example.com/%2e/secret404: GET request
https://www.example.com/secret
headers: [X-Remote-IP localhost:80]404: POST request
https://www.example.com/secret404: GET request
https://www.example.com/secret
headers: [X-Remote-IP 127.0.0.1]404: GET request
https://www.example.com/secret
headers: [X-Remote-IP 127.0.0.1:80]404: GET request
https://www.example.com/secret;/
```## Install
First, you'll need to [install go](https://golang.org/doc/install). Then, run the following command:```
go install github.com/davemolk/bye403/cmd/bye403@latest
```## Flags
```
Usage of bye403:
-c int
max number of goroutines to use at any given time
-h bool
manipulate headers
-i bool
read url off stdin
-ignore string
status code responses to ignore (403 is ignored by default)
-insecure bool
accept any certificate and host name presented by server
-m bool
manipulate http method
-os string
operating system (used in request header creation)
-p bool
manipulate path
-proxy string
proxy to use
-r bool
allow redirects
-rh bool
include response headers in output
-s bool
silent error reporting
-sc string
filter output by status code(s)
-t int
request timeout (in ms)
-u string
target url
-v bool
validate url before running program
```## Note
Each request gets a randomly assigned user agent corresponding to your os as well as appropriate headers (50/50 chance of chrome or firefox). Go unfortunately doesn't preserve header order, so if that's important to you and what you're up to, you'll have to look elsewhere.## Thanks
I looked at these, more or less ported them to Go, and added a bunch of new features. Enjoy!
* [byp4xx](https://github.com/lobuhi/byp4xx)
* [403bypasser](https://github.com/yunemse48/403bypasser)