403bypasser automates the techniques used to circumvent restrictions and access controls on restricted pages. It will continue to be improved and is open to contributions.
Arguments:
1.1 -u <single_url> ex: /admin, admin, /admin/, admin/. 403bypasser handles all these usages in the same way; it does not matter which one you prefer!
-U <path_of_URL_list>
-d <single_directory>
-D <path_of_directory_list>
Argument | Description | Example | Note |
---|---|---|---|
-u | single URL to scan | https://example.com or https://example.com/ | All these example usages are handled in the same way |
- Testing https://url.com/path
- Testing https://url.com/%2e/path
- Testing https://url.com/path/.
- Testing https://url.com//path//
- Testing https://url.com/./path/./
- Testing https://url.com/path/
- Testing https://url.com/path..;/
- Testing https://url.com/path with header poisoning `X-Custom-IP-Authorization: 127.0.0.1`
- Testing https://url.com/anything with header poisoning `X-Original-URL: /directory`
- Testing https://url.com with header poisoning `X-Rewrite-URL: /directory`
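The request variants listed above, seen from the side of the server being tested: an added example (not part of 403bypasser) of an edge check that canonicalizes the path before applying the access rule and drops the override headers before forwarding. `PROTECTED`, `check` and the other names are assumptions made for this illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumed for this example: the restricted prefixes and all function names.
PROTECTED = ("/path", "/directory")
OVERRIDE_HEADERS = {"x-original-url", "x-rewrite-url", "x-custom-ip-authorization"}


def fully_decoded(url):
    """Percent-decode the path until it stops changing (%252e -> %2e -> '.')."""
    path = urlsplit(url).path or "/"
    previous = None
    while previous != path:
        previous, path = path, unquote(path)
    return path


def canonical_path(url):
    """Reduce the URL to the one path form the access rule is written for."""
    path = re.sub(r"/{2,}", "/", fully_decoded(url))  # "//path//" -> "/path/"
    return posixpath.normpath(path)  # drops "." segments and the trailing "/"


def check(url, headers):
    """Return (decision, headers_to_forward) for a request from an untrusted client."""
    forwarded = {k: v for k, v in headers.items() if k.lower() not in OVERRIDE_HEADERS}
    if ";" in fully_decoded(url):
        # Proxies and application servers parse ";" path parameters ("path..;/")
        # differently, so refuse the request rather than guess.
        return "reject", forwarded
    path = canonical_path(url)
    if any(path == p or path.startswith(p + "/") for p in PROTECTED):
        return "deny", forwarded
    return "allow", forwarded


# Constructed sample requests: URL forms and headers taken from the list above.
SAMPLES = [
    ("https://url.com/%2e/path", {}),
    ("https://url.com//path//", {}),
    ("https://url.com/path..;/", {}),
    ("https://url.com/anything", {"X-Original-URL": "/directory"}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, headers, "->", check(url, headers))
```

If a 403bypasser run against your own application gets a different status for any of these variants than for the plain path, the access rule is being evaluated on a different path form than the one the backend routes on.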
Added Features in v1.1: It's now possible to pass files (lists) to 403bypasser as input via arguments. Furthermore, two more test cases were added: poisoning with 1) `X-Original-URL` and 2) `X-Rewrite-URL` headers.