403bypasser, erişim kısıtlaması bulunan sayfalardaki kısıtlamaları ve kontrolleri atlatmak amacıyla kullanılan teknikleri otomatize etmek için yazılmıştır. Bu araç geliştirilmeye devam edecektir, katkılara açıktır.
403bypasser has been written to automate the techniques used to circumvent restrictions and access controls on restricted pages. 403bypasser will continue to be improved and it is open to contributions.
Arguments:
1.1 -u <single_url> ex: /admin, admin, /admin/, admin/ 403bypasser handles all these usages in the same way, it does not matter which one you prefer!
-U <path_of_URL_list>
-d <single_directory>
-D <path_of_directory_list>
| Argument | Description | Example | Note |
|---|---|---|---|
| -u | single URL to scan | https://example.com or https://example.com/ | All these example usages are handled in the same way |
- Testing
https://url.com/path - Testing
https://url.com/%2e/path - Testing
https://url.com/path/. - Testing
https://url.com//path// - Testing
https://url.com/./path/./ - Testing
https://url.com/path/ - Testing
https://url.com/path..;/ - Testing
https://url.com/pathwith header poisoningX-Custom-IP-Authorization: 127.0.0.1 - Testing
https://url.com/anythingwith header poisoningX-Original-URL: /directory - Testing
https://url.comwith header poisoningX-Rewrite-URL: /directory
Added Features in v1.1: It's now possible to pass files (lists) to 403bypasser as input via arguments. Furthermore, two more test cases added:
poisoning with 1)X-Original-URL and 2)X-Rewrite-URL headers.