Using this tool, you can fuzz your 403/401 endpoint and try to access it without any restrictions
You can also customize your payloads and update them regularly
- git clone https://github.com/rezasarvani/bypass403
- cd bypass403
- python main.py -u "TargetURL"
Note: more examples are at the end of the page
- Python 3.6+
- requests
- json
Two main reasons to use this tool:
- the current signatures of the tool are updated and it is based on multiple Bug Bounty Writeups
- You can customize signatures and add new ones based on your own methodology Super Easy
In this file, there are general bypasses for both Domain/Subdomain restrictions (secret.example.tld) and Path restrictions (example.tld/secret)
format: each line must contain one json containing below parameters
| Parameter | Values |
|---|---|
| http_method | You can specify which method you want to use to send your request with. Possible Values: GET, POST, OPTIONS, PUT, DELETE, PATCH Mandatory Paramter |
| path | You can specify a path which you want to append to your request during sending the request. Example: /.json Output: https://example.tld/.json If you dont want to add any path, leave this parameter empty Mandatory Paramter |
| protocol | You can specify which schema to use while sending the request Possible Values: http, https, {{schema}} Note: if you add {{schema}} it means that you want to use deafult target schema Note: if you specify rev:{{schema}} it means that you want to use a reverse schema based on your target. Target: https --> Request: http Mandatory Paramter |
| header | You can specify custom headers to send along with the request Format: headerName:headerValue Example: X-HTTP-Method-Override:PUT Example2: X-HTTP-Method-Override:PUT Optional Paramter |
{"http_method": "GET", "path": "", "protocol": "{{schema}}", "header": "X-HTTP-Method-Override:PUT"}
In this file, there are bypasses mostly used for bypassing Path restrictions (example.tld/secret)
format: each line must contain one json containing below parameters
| Parameter | Values |
|---|---|
| http_method | You can specify which method you want to use to send your request with. Possible Values: GET, POST, OPTIONS, PUT, DELETE, PATCH Mandatory Paramter |
| protocol | You can specify which schema to use while sending the request Possible Values: http, https, {{schema}} Note: if you add {{schema}} it means that you want to use deafult target schema Note: if you specify rev:{{schema}} it means that you want to use a reverse schema based on your target. Target: https --> Request: http Mandatory Paramter |
| pattern | You can specify a pattern in order to edit restricted path and prepend or append something to it. Format: POSITION Possible Positions: before, after Example: before~/%2e/ Input: example.tld/secret Output: example.tld/%2e/secret Mandatory Paramter |
{"http_method": "GET", "protocol": "{{schema}}", "pattern": "before~/%ef%bc%8f"}
| Switch | Description |
|---|---|
| -u | You can specify you target domain using this switch example: -u "https://target.tld" Mandatory Paramter |
| -p | Using this switch you specify whether or not you want to use Path-Based Payloads Valid Paramters: y, n Default: n Optional Paramter |
| -o | If you want to save output somewhere besides stdout, use this switch and pass your desired file name to it Default: - Optional Paramter |
| -o | There is a function named 'CustomAttacks' in the code, which you can create some custom requests but requiers a very little python knowledge There are already two attacks in there, if you want to use them, pass 'y' to this switch Default: n Optional Paramter |
python main.py -u "https://target.tld" -p "y"
Note: If you got multiple Hits, consider checking Content-Length in order to check wheter or not it was False Positive caused by your payloads