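Originally 403fuzzer.py :)
Fuzz 401/403 endpoints for bypasses
This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACLs or URL validation.
It outputs the response code and length for each request in a nicely organized, color-coded way so things are readable.
I implemented a "Smart Filter" that lets you mute responses that look the same after a certain number of times.
You can now feed it a raw HTTP request that you saved to a file from Burp.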
Follow me on twitter! @intrudir
Usage
usage: bypassfuzzer.py -h
Specifying a request to test
Best method: Feed it a raw HTTP request from Burp!
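Simply paste the request into a file and run the script!
- It will parse and use the cookies and headers from the request.
- Easiest way to authenticate your requests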
python3 bypassfuzzer.py -r request.txt
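How a raw request saved from Burp breaks down into the pieces that get reused (method, path, headers, cookies, body), shown as an added example and not bypassfuzzer.py's own code. The function name parse_raw_request and the sample request are constructed for illustration.

```python
def parse_raw_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, path, headers, cookies, body."""
    # Burp writes CRLF line endings; editors often convert them to LF. Accept both.
    text = raw.replace("\r\n", "\n").lstrip("\n")
    head, _, body = text.partition("\n\n")
    lines = head.rstrip("\n").split("\n")
    # Request line: METHOD SP request-target SP HTTP-version
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, path, version = parts
    headers, cookies = {}, {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        name, value = name.strip(), value.strip()
        if name.lower() != "cookie":
            headers[name] = value  # a repeated header name keeps the last value
            continue
        # Cookie: "k1=v1; k2=v2". Split each pair on the first "=" only,
        # because cookie values (base64, JWT padding) may contain "=".
        for pair in value.split(";"):
            key, eq, val = pair.strip().partition("=")
            if eq:
                cookies[key] = val
    return {"method": method, "path": path, "version": version,
            "headers": headers, "cookies": cookies, "body": body}


# Constructed sample, shaped like a request copied out of Burp.
SAMPLE_REQUEST = (
    "POST /forbidden?x=1 HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Cookie: cookie1=blah; session=abc==\r\n"
    "Authorization: Bearer 1234567\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "param1=blah&param2=blah2"
)

if __name__ == "__main__":
    req = parse_raw_request(SAMPLE_REQUEST)
    print(req["method"], req["headers"]["Host"] + req["path"])
    print("cookies:", req["cookies"])
    print("body:", req["body"])
```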
Using other flags
Specify a URL
python3 bypassfuzzer.py -u http://example.com/test1/test2/test2/test2/test3/forbidden.html
Specify cookies to use in requests:
Some examples:
--cookies 'cookie1=blah'
-c 'cookie1=blah; cookie2=blah'
Specify a method/verb and body data to send
bypassfuzzer.py -u https://example.com/forbidden -m POST -d 'param1=blah&param2=blah2'
bypassfuzzer.py -u https://example.com/forbidden -m PUT -d 'param1=blah&param2=blah2'
Specify custom headers to use with every request
Maybe you need to add some kind of auth header.
Specify -H 'Header: value' for each additional header you'd like to add:
bypassfuzzer.py -u https://example.com/forbidden -H 'Some-Header: blah' -H 'Authorization: Bearer 1234567'
Smart filter feature!
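Based on response code and length. If it sees a response 8 times or more, it automatically mutes it.
The repeat count is changeable in the code until I add an option to specify it with a flag.
NOTE: Can't be used simultaneously with -hc or -hl (yet)
# Toggle the smart filter on
bypassfuzzer.py -u https://example.com/forbidden --smart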
Specify a proxy to use
Useful if you want to proxy through Burp
bypassfuzzer.py -u https://example.com/forbidden --proxy http://127.0.0.1:8080
Skip sending header payloads or url payloads
# Skip sending header payloads
bypassfuzzer.py -u https://example.com/forbidden -sh
bypassfuzzer.py -u https://example.com/forbidden --skip-headers
# Skip sending path normalization payloads
bypassfuzzer.py -u https://example.com/forbidden -su
bypassfuzzer.py -u https://example.com/forbidden --skip-urls
Hide response code/length
Provide comma-delimited lists without spaces. Examples:
# Hide response codes
bypassfuzzer.py -u https://example.com/forbidden -hc 403,404,400
# Hide response lengths of 638
bypassfuzzer.py -u https://example.com/forbidden -hl 638