Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/p0dalirius/ipsourcebypass
This Python script can be used to bypass IP source restrictions using HTTP headers.
https://github.com/p0dalirius/ipsourcebypass
bugbounty bypass headers http ip pentesting python tool
Last synced: 6 days ago
JSON representation
This Python script can be used to bypass IP source restrictions using HTTP headers.
- Host: GitHub
- URL: https://github.com/p0dalirius/ipsourcebypass
- Owner: p0dalirius
- Created: 2021-10-10T13:41:45.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-04-26T09:43:21.000Z (9 months ago)
- Last Synced: 2024-12-29T17:14:34.518Z (13 days ago)
- Topics: bugbounty, bypass, headers, http, ip, pentesting, python, tool
- Language: Python
- Homepage: https://podalirius.net/
- Size: 176 KB
- Stars: 380
- Watchers: 6
- Forks: 54
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
- awesome-hacking-lists - p0dalirius/ipsourcebypass - This Python script can be used to bypass IP source restrictions using HTTP headers. (Python)
README
![](./.github/banner.png)
This Python script can be used to bypass IP source restrictions using HTTP headers.
![](./.github/four_results.png)
## Features
- [x] 17 HTTP headers.
- [x] Multithreading.
- [x] JSON export with `--json outputfile.json`.
- [x] Auto-detecting most successful bypasses.## Usage
```
$ ./ipsourcebypass.py -h
[~] IP source bypass using HTTP headers, v1.2usage: ipsourcebypass.py [-h] [-v] -i IP [-t THREADS] [-x PROXY] [-k] [-L] [-j JSONFILE] [-C] [-H HEADERS] [-S] url
This Python script can be used to test for IP source bypass using HTTP headers
positional arguments:
url e.g. https://example.com:port/pathoptional arguments:
-h, --help show this help message and exit
-v, --verbose arg1 help message
-i IP, --ip IP IP to spoof.
-t THREADS, --threads THREADS
Number of threads (default: 5)
-x PROXY, --proxy PROXY
Specify a proxy to use for requests (e.g., http://localhost:8080)
-k, --insecure Allow insecure server connections when using SSL (default: False)
-L, --location Follow redirects (default: False)
-j JSONFILE, --jsonfile JSONFILE
Save results to specified JSON file.
-C, --curl Generate curl commands for each request.
-H HEADERS, --header HEADERS
arg1 help message
-S, --save Save all HTML responses.
```## Auto-detecting responses that stands out
Results are sorted by uniqueness of their response's length. This means that the results with unique response length will be on top, and results with response's length occurring multiple times at the bottom:
| Two different result lengths | Four different result lengths |
|------------------------------|--------------------------------|
| ![](./.github/two_results.png) | ![](./.github/four_results.png) |## Contributing
Pull requests are welcome. Feel free to open an issue if you want to add other features.