Skip to content

Latest commit

 

History

History
75 lines (54 loc) · 4.26 KB

README.md

File metadata and controls

75 lines (54 loc) · 4.26 KB

Bypass403

Using this tool, you can fuzz your 403/401 endpoint and try to access it without any restrictions
You can also customize your payloads and update them regularly

How To Use?

  1. git clone https://github.com/rezasarvani/bypass403
  2. cd bypass403
  3. python main.py -u "TargetURL"
    Note: more examples are at the end of the page

Prerequisite

  1. Python 3.6+
  2. requests
  3. json

Why This Tool?

Two main reasons to use this tool:

  1. the current signatures of the tool are updated and it is based on multiple Bug Bounty Writeups
  2. You can customize signatures and add new ones based on your own methodology Super Easy

Signatures

bypassList.txt

In this file, there are general bypasses for both Domain/Subdomain restrictions (secret.example.tld) and Path restrictions (example.tld/secret)
format: each line must contain one json containing below parameters

Parameter Values
http_method You can specify which method you want to use to send your request with.
Possible Values: GET, POST, OPTIONS, PUT, DELETE, PATCH
Mandatory Paramter
path You can specify a path which you want to append to your request during sending the request.
Example: /.json
Output: https://example.tld/.json
If you dont want to add any path, leave this parameter empty
Mandatory Paramter
protocol You can specify which schema to use while sending the request
Possible Values: http, https, {{schema}}
Note: if you add {{schema}} it means that you want to use deafult target schema
Note: if you specify rev:{{schema}} it means that you want to use a reverse schema based on your target.
Target: https --> Request: http
Mandatory Paramter
header You can specify custom headers to send along with the request
Format: headerName:headerValueheaderName2:valueName2
Example: X-HTTP-Method-Override:PUT
Example2: X-HTTP-Method-Override:PUT
Host:google.com
Optional Paramter

Example

{"http_method": "GET", "path": "", "protocol": "{{schema}}", "header": "X-HTTP-Method-Override:PUT"}

pathBasedBypassList.txt

In this file, there are bypasses mostly used for bypassing Path restrictions (example.tld/secret)
format: each line must contain one json containing below parameters

Parameter Values
http_method You can specify which method you want to use to send your request with.
Possible Values: GET, POST, OPTIONS, PUT, DELETE, PATCH
Mandatory Paramter
protocol You can specify which schema to use while sending the request
Possible Values: http, https, {{schema}}
Note: if you add {{schema}} it means that you want to use deafult target schema
Note: if you specify rev:{{schema}} it means that you want to use a reverse schema based on your target.
Target: https --> Request: http
Mandatory Paramter
pattern You can specify a pattern in order to edit restricted path and prepend or append something to it.
Format: POSITIONPAYLOAD|POSITIONPAYLOAD
Possible Positions: before, after
Example: before~/%2e/
Input: example.tld/secret
Output: example.tld/%2e/secret
Mandatory Paramter

Example

{"http_method": "GET", "protocol": "{{schema}}", "pattern": "before~/%ef%bc%8f"}

Tool Switches

Switch Description
-u You can specify you target domain using this switch
example: -u "https://target.tld"
Mandatory Paramter
-p Using this switch you specify whether or not you want to use Path-Based Payloads
Valid Paramters: y, n
Default: n
Optional Paramter
-o If you want to save output somewhere besides stdout, use this switch and pass your desired file name to it
Default: -
Optional Paramter
-o There is a function named 'CustomAttacks' in the code, which you can create some custom requests but requiers a very little python knowledge
There are already two attacks in there, if you want to use them, pass 'y' to this switch
Default: n
Optional Paramter

Example

python main.py -u "https://target.tld" -p "y"



Note: If you got multiple Hits, consider checking Content-Length in order to check wheter or not it was False Positive caused by your payloads