Beranda>Sumber daya pembuatan situs web>Data situs web
Unduh

Terlarang

Bypass 4xx HTTP Status Status Kode dan Lainnya. Berdasarkan permintaan Pycurl dan Python.

Script menggunakan multithreading dan didasarkan pada pemaksaan brute, dan dengan demikian, mungkin memiliki hasil positif palsu. Script memiliki output berwarna.

Hasil akan diurutkan berdasarkan kode status respons HTTP, HTTP Response Content Length Descending, dan ID Ascending.

Untuk menyaring hasil positif palsu secara manual, untuk setiap panjang konten respons HTTP yang unik, jalankan perintah curl yang disediakan dan periksa apakah respons HTTP menghasilkan bypass; Jika tidak, abaikan saja semua hasil dengan panjang konten respons HTTP yang sama.

Deskripsi tes Tes
Permintaan HTTP dan HTTPS pada keduanya, nama domain dan IP. basis
Metode HTTP + w/ Content-Length: 0 header permintaan http. metode
Cross-Site Tracing (XST) W/ HTTP Trace dan Metode Track. metode
[Teks] File Unggah w/ http Metode put pada semua direktori URL. metode
Metode http menimpa header permintaan http dan URL kueri string params. metode-overrides
Penanggulangan Skema URL. skema-overrides
Port Overrides. Port-overrides
Pengungkapan Informasi Accept HEADER Permintaan HTTP. header
Header permintaan http. header
URL Override + w/ URL yang dapat diakses. header
HTTP Host override w/ double Host header permintaan http. header
Header Permintaan HTTP dengan nilai yang disediakan pengguna. nilai
Path URL Bypass. jalan setapak
Transformasi dan pengkodean URL. Pengkodean
Sesi Dasar dan Pembawa + W/ NULL Sesi dan JWT berbahaya. auth
Buka Redirects, OOB, dan SSRF. pengalihan
Parsers URL yang rusak, OOB, dan SSRF. Parser

Periksa skrip pengujian stres di sini. Terinspirasi oleh tulisan ini.

Perpanjang skrip sesuai keinginan Anda.

Sumber header HTTP yang bagus:

  • pengembang.mozilla.org/en-us/docs/web/http/headers
  • pengembang.cloudflare.com/fundamentals/reference/http-request-headers
  • udger.com/resources/http-request-headers
  • WebConcepts.info/Consepts/http-header
  • webtechsurvey.com/common-response-headers

Diuji pada Kali Linux V2023.4 (64-bit).

Dibuat untuk tujuan pendidikan. Saya berharap ini akan membantu!

Perkataan:

  • Semua header permintaan HTTP, nilai, bypass jalur URL, dll., Divalidasi berdasarkan dokumentasi resmi atau penulisan INFOSEC publik,
  • Secara default, Forbidden "terkunci" ke PycURL dan Stresser "terkunci" untuk Python Requests ,
  • Permintaan Python hingga 3x lebih cepat dari Pycurl, tetapi Pycurl sedikit lebih dapat disesuaikan,
  • Pycurl mungkin juga melempar OSError jika sejumlah besar utas digunakan karena membuka terlalu banyak file cookie sesi sekaligus,
  • Secara default, hanya kode status HTTP 2xx dan 3xx yang termasuk dalam hasil dan ditampilkan dalam output,
  • atribut length dalam hasil hanya mencakup panjang tubuh respons http,
  • Menguji double headers dikunci untuk Python Requests karena pycurl tidak mendukungnya,
  • encodings pengujian terkunci ke PycURL karena permintaan Python tidak mendukungnya,
  • Koneksi dan baca timeout diatur ke 60 detik,
  • Waspadalah terhadap rate limiting dan perlindungan anti-bot serupa lainnya, luangkan waktu sebelum menjalankan skrip lagi pada domain yang sama,
  • Beberapa proksi web mungkin menormalkan URL (misalnya, saat menguji encodings ), memodifikasi permintaan HTTP, atau menjatuhkan permintaan HTTP sepenuhnya,
  • Beberapa situs web mungkin memerlukan header permintaan HTTP User-Agent yang valid atau sangat spesifik,
  • Penelusuran lintas situs (XST) no longer dianggap sebagai kerentanan.

Rencana Prioritas Tinggi:

  • Tambahkan opsi diam, untuk tidak menampilkan output konsol,
  • Tambahkan opsi tanpa warna, untuk tidak menampilkan warna di output konsol,
  • Gunakan brute forcing untuk memvalidasi metode http yang diizinkan jika metode opsi http tidak diizinkan,
  • Tambahkan tes untuk cookie HTTP, header permintaan HTTP User-Agent , CRLF, dan LOG4J.

Rencana Prioritas Rendah:

  • Tambahkan opsi untuk menguji pasangan nilai header http khusus untuk daftar domain/subdomain.

Daftar isi

  • Cara menginstal
    • Instal Pycurl
    • Instalasi Standar
    • Bangun dan instal dari sumbernya
  • URL tunggal
  • Beberapa URL
  • Metode HTTP
  • Header permintaan http
  • Jalur URL
  • Format hasil
  • Penggunaan
  • Gambar

Cara menginstal

Instal Pycurl

Di Kali Linux, seharusnya tidak ada masalah; Kalau tidak, jalankan: 

apt-get -y install libcurl4-gnutls-dev librtmp-dev

pip3 install --upgrade pycurl

Di Windows OS, unduh dan instal pycurl dari www.lfd.uci.edu/~gohlke. Diuji hanya pada Windows 10.

Di macOS, jalankan: 

brew uninstall curl
brew uninstall openssl

brew install curl
brew install openssl

echo ' export PATH="/opt/homebrew/opt/curl/bin:$PATH" ' >> ~ /.zshrc
echo ' export PATH="/opt/homebrew/opt/openssl@3/bin:$PATH" ' >> ~ /.zshrc
source ~ /.zshrc

export LDFLAGS= " -L/opt/homebrew/opt/curl/lib "
export CPPFLAGS= " -I/opt/homebrew/opt/curl/include "
export PYCURL_SSL_LIBRARY=openssl

pip3 install --no-cache-dir --compile --ignore-installed --config-setting= " --with-openssl= " --config-setting= " --openssl-dir=/opt/homebrew/opt/openssl@3 " pycurl

Instalasi Standar 

pip3 install --upgrade forbidden

Bangun dan instal dari sumbernya 

git clone https://github.com/ivan-sincek/forbidden && cd forbidden

python3 -m pip install --upgrade build

python3 -m build

python3 -m pip install dist/forbidden-12.6-py3-none-any.whl

URL tunggal

Bypass 403 Forbidden : 

 forbidden -u https://target.com -t base,methods,method-overrides,scheme-overrides,port-overrides,headers,paths-ram,encodings -f GET -l base,path -o forbidden_403_results.json

Bypass 403 Forbidden dengan Pengujian Stres: 

mkdir stresser_403_results

stresser -u https://target.com -dir stresser_403_results -r 1000 -th 200 -f GET -l base -o stresser_403_results.json

Bypass 401 Unauthorized : 

 forbidden -u https://target.com -t auths -f GET -l base -o forbidden_401_results.json

Tes Open Redirects, OOB, dan SSRF: 

 forbidden -u https://target.com -t redirects -f GET -l base -e xyz.interact.sh -o forbidden_redirect_results.json

Tes Parsers URL yang rusak, OOB, dan SSRF: 

 forbidden -u https://target.com -t parsers -f GET -l base -e xyz.interact.sh -o forbidden_parser_results.json

Beberapa URL

Bypass 403 Forbidden : 

count=0 ; for subdomain in $( cat subdomains_403.txt ) ; do count= $(( count + 1 )) ; echo " # ${count} | ${subdomain} " ; forbidden -u " ${subdomain} " -t base,methods,method-overrides,scheme-overrides,port-overrides,headers,paths,encodings -f GET -l base,path -o " forbidden_403_results_ ${count} .json " ; done

Bypass 403 Forbidden dengan Pengujian Stres: 

mkdir stresser_403_results

count=0 ; for subdomain in $( cat subdomains_403.txt ) ; do count= $(( count + 1 )) ; echo " # ${count} | ${subdomain} " ; stresser -u " ${subdomain} " -dir stresser_403_results -r 1000 -th 200 -f GET -l base -o " stresser_403_results_ ${count} .json " ; done

Bypass 401 Unauthorized : 

count=0 ; for subdomain in $( cat subdomains_401.txt ) ; do count= $(( count + 1 )) ; echo " # ${count} | ${subdomain} " ; forbidden -u " ${subdomain} " -t auths -f GET -l base -o " forbidden_401_results_ ${count} .json " ; done

Tes Open Redirects, OOB, dan SSRF: 

count=0 ; for subdomain in $( cat subdomains_live_long.txt ) ; do count= $(( count + 1 )) ; echo " # ${count} | ${subdomain} " ; forbidden -u " ${subdomain} " -t redirects -f GET -l base -e xyz.interact.sh -o " forbidden_redirect_results_ ${count} .json " ; done

Tes Parsers URL yang rusak, OOB, dan SSRF: 

count=0 ; for subdomain in $( cat subdomains_live_long.txt ) ; do count= $(( count + 1 )) ; echo " # ${count} | ${subdomain} " ; forbidden -u " ${subdomain} " -t parsers -f GET -l base -e xyz.interact.sh -o " forbidden_parser_results_ ${count} .json " ; done

Metode HTTP 

 ACL
ARBITRARY
BASELINE-CONTROL
BIND
CHECKIN
CHECKOUT
CONNECT
COPY
GET
HEAD
INDEX
LABEL
LINK
LOCK
MERGE
MKACTIVITY
MKCALENDAR
MKCOL
MKREDIRECTREF
MKWORKSPACE
MOVE
OPTIONS
ORDERPATCH
PATCH
POST
PRI
PROPFIND
PROPPATCH
PUT
REBIND
REPORT
SEARCH
SHOWMETHOD
SPACEJUMP
TEXTSEARCH
TRACE
TRACK
UNBIND
UNCHECKOUT
UNLINK
UNLOCK
UPDATE
UPDATEREDIRECTREF
VERSION-CONTROL

Header permintaan http

Metode overrides: 

 X-HTTP-Method
X-HTTP-Method-Override
X-Method-Override

SCHEME OVERRIDES: 

 X-Forwarded-Proto
X-Forwarded-Protocol
X-Forwarded-Scheme
X-Scheme
X-URL-Scheme

Port Overrides: 

 X-Forwarded-Port

Lainnya: 

 19-Profile
Base-URL
CF-Connecting-IP
Client-IP
Cluster-Client-IP
Destination
Forwarded
Forwarded-For
Forwarded-For-IP
From
Host
Incap-Client-IP
Origin
Profile
Proxy
Redirect
Referer
Remote-Addr
Request-URI
True-Client-IP
URI
URL
WAP-Profile
X-Client-IP
X-Cluster-Client-IP
X-Custom-IP-Authorization
X-Forwarded
X-Forwarded-By
X-Forwarded-For
X-Forwarded-For-Original
X-Forwarded-Host
X-Forwarded-Path
X-Forwarded-Server
X-HTTP-DestinationURL
X-HTTP-Host-Override
X-Host
X-Host-Override
X-Original-Forwarded-For
X-Original-Remote-Addr
X-Original-URL
X-Originally-Forwarded-For
X-Originating-IP
X-Override-URL
X-Proxy-Host
X-Proxy-URL
X-ProxyUser-IP
X-Real-IP
X-Referer
X-Remote-Addr
X-Remote-IP
X-Requested-With
X-Rewrite-URL
X-Server-IP
X-True-Client-IP
X-True-IP
X-Wap-Profile

Jalur URL

Suntikkan di awal, akhir, dan keduanya, awal dan akhir jalur URL.

Uji menggunakan setiap kombinasi yang mungkin dari set muatan (default - cluster bom) atau tempatkan muatan yang sama ke semua posisi muatan yang ditentukan secara bersamaan (Battering RAM). 

 /
//
%09
%20
%23
%2e
%a0
*
.
..
;
.;
..;
/;/
;/../../
;foo=bar;

Menyuntikkan di ujung jalur URL. 

 #
##
##random
*
**
**random
.
..
..random
?
??
??random
~
~~
~~random

Suntikkan di ujung jalur URL hanya jika tidak berakhir dengan slash ke depan. 

 .asp
.aspx
.esp
.html
.jhtml
.json
.jsp
.jspa
.jspx
.php
.sht
.shtml
.xhtml
.xml

Format hasil 

[
    {
        "id" : " 860-HEADERS-3 " ,
        "url" : " https://example.com:443/admin " ,
        "method" : " GET " ,
        "headers" : [
            " Host: 127.0.0.1 "
        ],
        "cookies" : [],
        "body" : null ,
        "user_agent" : " Forbidden/12.6 " ,
        "command" : " curl --connect-timeout 60 -m 60 -iskL --max-redirs 10 --path-as-is -A 'Forbidden/12.6' -H 'Host: 127.0.0.1' -X 'GET' 'https://example.com:443/admin' " ,
        "code" : 200 ,
        "length" : 255408
    },
    {
        "id" : " 861-HEADERS-3 " ,
        "url" : " https://example.com:443/admin " ,
        "method" : " GET " ,
        "headers" : [
            " Host: 127.0.0.1:443 "
        ],
        "cookies" : [],
        "body" : null ,
        "user_agent" : " Forbidden/12.6 " ,
        "command" : " curl --connect-timeout 60 -m 60 -iskL --max-redirs 10 --path-as-is -A 'Forbidden/12.6' -H 'Host: 127.0.0.1:443' -X 'GET' 'https://example.com:443/admin' " ,
        "code" : 200 ,
        "length" : 255408
    }
]

Penggunaan 

 Forbidden v12.6 ( github.com/ivan-sincek/forbidden )

Usage:   forbidden -u url                       -t tests [-f force] [-v values    ] [-p path ] [-o out         ]
Example: forbidden -u https://example.com/admin -t all   [-f POST ] [-v values.txt] [-p /home] [-o results.json]

DESCRIPTION
    Bypass 4xx HTTP response status codes and more
URL
    Inaccessible URL
    -u, --url = https://example.com/admin | etc.
IGNORE QUERY STRING AND FRAGMENT
    Ignore URL query string and fragment
    -iqsf, --ignore-query-string-and-fragment
IGNORE CURL
    Use Python Requests instead of the default PycURL where applicable
    PycURL might throw OSError if large number of threads is used due to opening too many session cookie files at once
    -ic, --ignore-curl
TESTS
    Tests to run
    Use comma-separated values
    Specify 'paths-ram' to use battering ram attack or 'paths' to use the default cluster bomb attack
    Specify 'values' to test HTTP request headers with user-supplied values passed using the '-v' option
    -t, --tests = base | methods | (method|scheme|port)-overrides | headers | values | paths[-ram] | encodings | auths | redirects | parsers | all
FORCE
    Force an HTTP method for all non-specific test cases
    -f, --force = GET | POST | CUSTOM | etc.
VALUES
    File with additional HTTP request header values or a single value, e.g., internal IP, etc.
    Tests: values
    -v, --values = values.txt | 10.10.15.20 | etc.
PATH
    Accessible URL path to test URL overrides
    Tests: headers
    Default: /robots.txt | /index.html | /sitemap.xml | /README.txt
    -p, --path = /home | etc.
EVIL
    Evil URL to test URL overrides
    Tests: headers | redirects
    Default: https://github.com
    -e, --evil = https://xyz.interact.sh | https://xyz.burpcollaborator.net | etc.
HEADER
    Specify any number of extra HTTP request headers
    Extra HTTP request headers will not override test's HTTP request headers
    Semi-colon in, e.g., 'Content-Type;' will expand to an empty HTTP request header
    -H, --header = "Authorization: Bearer ey..." | Content-Type; | etc.
COOKIE
    Specify any number of extra HTTP cookies
    Extra HTTP cookies will not override test's HTTTP cookies
    -b, --cookie = PHPSESSIONID=3301 | etc.
IGNORE
    Filter out 200 OK false positive results with RegEx
    Spacing will be stripped
    -i, --ignore = Inaccessible | "Access Denied" | etc.
CONTENT LENGTHS
    Filter out 200 OK false positive results by HTTP response content lengths
    Specify 'base' to ignore content length of the base HTTP response
    Specify 'path' to ignore content length of the accessible URL response
    Use comma-separated values
    -l, --content-lengths = 12 | base | path | etc.
REQUEST TIMEOUT
    Request timeout
    Default: 60
    -rt, --request-timeout = 30 | etc.
THREADS
    Number of parallel threads to run
    More threads mean more requests sent in parallel, but may also result in more false positives
    Highly dependent on internet connection speed and server capacity
    Default: 5
    -th, --threads = 20 | etc.
SLEEP
    Sleep time in milliseconds before sending an HTTP request
    Intended for a single-thread use
    -s, --sleep = 500 | etc.
USER AGENT
    User agent to use
    Default: Forbidden/12.6
    -a, --user-agent = curl/3.30.1 | random[-all] | etc.
PROXY
    Web proxy to use
    -x, --proxy = http://127.0.0.1:8080 | etc.
HTTP RESPONSE STATUS CODES
    Include only specific HTTP response status codes in the results
    Use comma-separated values
    Default: 2xx | 3xx
    -sc, --status-codes = 1xx | 2xx | 3xx | 4xx | 5xx | all
SHOW TABLE
    Display the results in a table instead of JSON
    Intended for a wide screen use
    -st, --show-table
OUT
    Output file
    -o, --out = results.json | etc.
DUMP
    Dump all the test records in the output file without running them
    -dmp, --dump
DEBUG
    Debug output
    -dbg, --debug

 Stresser v12.6 ( github.com/ivan-sincek/forbidden )

Usage:   stresser -u url                        -dir directory -r repeat -th threads [-f force] [-o out         ]
Example: stresser -u https://example.com/secret -dir results   -r 1000   -th 200     [-f GET  ] [-o results.json]

DESCRIPTION
    Bypass 4xx HTTP response status codes with stress testing
URL
    Inaccessible URL
    -u, --url = https://example.com/admin | etc.
IGNORE QUERY STRING AND FRAGMENT
    Ignore URL query string and fragment
    -iqsf, --ignore-query-string-and-fragment
IGNORE PYTHON REQUESTS
    Use PycURL instead of the default Python Requests where applicable
    PycURL might throw OSError if large number of threads is used due to opening too many session cookie files at once
    -ir, --ignore-requests
FORCE
    Force an HTTP method for all non-specific test cases
    -f, --force = GET | POST | CUSTOM | etc.
HEADER
    Specify any number of extra HTTP request headers
    Extra HTTP request headers will not override test's HTTP request headers
    Semi-colon in, e.g., 'Content-Type;' will expand to an empty HTTP request header
    -H, --header = "Authorization: Bearer ey..." | Content-Type; | etc.
COOKIE
    Specify any number of extra HTTP cookies
    Extra HTTP cookies will not override test's HTTTP cookies
    -b, --cookie = PHPSESSIONID=3301 | etc.
IGNORE
    Filter out 200 OK false positive results with RegEx
    Spacing will be stripped
    -i, --ignore = Inaccessible | "Access Denied" | etc.
CONTENT LENGTHS
    Filter out 200 OK false positive results by HTTP response content lengths
    Specify 'base' to ignore content length of the base HTTP response
    Use comma-separated values
    -l, --content-lengths = 12 | base | etc.
REQUEST TIMEOUT
    Request timeout
    Default: 60
    -rt, --request-timeout = 30 | etc.
REPEAT
    Number of total HTTP requests to send for each test case
    -r, --repeat = 1000 | etc.
THREADS
    Number of parallel threads to run
    -th, --threads = 20 | etc.
USER AGENT
    User agent to use
    Default: Stresser/12.6
    -a, --user-agent = curl/3.30.1 | random[-all] | etc.
PROXY
    Web proxy to use
    -x, --proxy = http://127.0.0.1:8080 | etc.
HTTP RESPONSE STATUS CODES
    Include only specific HTTP response status codes in the results
    Use comma-separated values
    Default: 2xx | 3xx
    -sc, --status-codes = 1xx | 2xx | 3xx | 4xx | 5xx | all
SHOW TABLE
    Display the results in a table instead of JSON
    Intended for a wide screen use
    -st, --show-table
OUT
    Output file
    -o, --out = results.json | etc.
DIRECTORY
    Output directory
    All valid and unique HTTP responses will be saved in this directory
    -dir, --directory = results | etc.
DUMP
    Dump all the test records in the output file without running them
    -dmp, --dump
DEBUG
    Debug output
    -dbg, --debug

Gambar

Contoh Dasar

Gambar 1 - Contoh Dasar

Contoh Dasar

Gambar 2 - Contoh Dasar (Output Tabel)

Catatan tes dumping

Gambar 3 - Catatan Tes Dumping

Memperluas
Informasi Tambahan
Aplikasi Terkait
Direkomendasikan untuk Anda
Informasi Terkait Semua