lobuhi / byp4xx Goto Github PK

looks like not support Windows?

Would be good if it told us where it redirected to. What do you think?

I´ve found a few small bugs.

line 19 - put the url in quotes because of the semicolons
code = popen("curl -k -s -I %s '%s'" % (options_var, payload_var)).read()

line 129 - just cosmetic
print("Between %2e: ",curl_code_response(options+" -X GET",payload))

line 145 - remove the backslash no need to escape
payload=url+"/.;/"+uri

line 147 -remove the backslash no need to escape and add the semicolon
payload=url+";foo=bar;/"+uri

thanks for this cool script!!

As i got 200 ok what should be the payload for it

You mistyped the header 'X-Forwarded-Host' and forgot a 'd', writing 'X-Forwared-Host'.
I suggest you to change it! Great tool anyway!

Congrats on moving to go!

could you add a release or install instructions?

tried this, but there are no releases

go install github.com/lobuhi/byp4xx.git@latest

hallo brother love you works and can you add request file options for sending all this and the template of request.txt based on burpsuite item

byp4xx https://redacted/.htaccess.zip
[+]VERB TAMPERING
CONNECT: HTTP/1.1 400 Bad Request
TRACE: HTTP/1.1 405 Method Not Allowed

[+]HEADERS
X-Original-URL: HTTP/1.1 200 OK
Command: curl -k -s -I -X GET -H "X-Original-URL: /.htaccess.zip" https://redacted/
X-Rewrite-URLL: HTTP/1.1 200 OK
Command: curl -k -s -I -X GET -H "X-Rewrite-URL: /.htaccess.zip" https://redacted

[+]#BUGBOUNTYTIPS
/%ef%bc%8f: HTTP/1.1 404 Not Found
Between /.;/: HTTP/1.1 404 Not Found
Traceback (most recent call last):
File "/home/k/.local/bin//byp4xx", line 8, in
sys.exit(main())
File "/home/k/.local/lib/python3.10/site-packages/byp4xx.py", line 391, in main
result = curl_code_response(options+" -X GET --path-as-is",payload)
File "/home/k/.local/lib/python3.10/site-packages/byp4xx.py", line 34, in curl_code_response
status = code.split(" ")[1] # Status code is in second position
IndexError: list index out of range

Cloning into 'byp4xx'...
fatal: unable to access 'https://github.com/lobuhi/byp4xx.git/': Could not resolve host: github.com

site.com/users/ -> Unauthorized
api.site.com/users -> 200

Reference:
https://twitter.com/hunter0x7/status/1394259215447953414?s=20

It's better to return the content length after the status code 200.
Thanks so much.

Hey. I just installed byp4xx (with git clone) and ran it for test something then I just realized there's an error on HEAD request tab.

Curl Version: curl 7.74.0 (x86_64-pc-linux-gnu) Release-Date: 2020-12-09.

Error Output:

[+]HTTP Methods...
GET request: 404
POST request: 404
HEAD request: curl: option -m: expected a proper numerical parameter
curl: try 'curl --help' or 'curl --manual' for more information

Line 74 and 77 -m flag has 1.0 value
74: STATUS=$(curl $REDIRECT -k -s -o /dev/null -m 1.0 -w "%{http_code}" -X HEAD $URL$DIR)

Then I just changed the -m flag value 1.0 to 1 and its worked fine for me.
74: STATUS=$(curl $REDIRECT -k -s -o /dev/null -m 1 -w "%{http_code}" -X HEAD $URL$DIR)

[+]HTTP Methods...
GET request: 404
POST request: 404
HEAD request: 404

But in this section when a program comes to the head request tab to send request its waiting about 1 or 2 seconds longer than other requests.

Maybe it's not an error but I don't know.I just wanted to announce it :)
Best Regards.

• Add an option to specify a custom path to the template directory.
• This is required if the binary is called via absolute path, so not from within the git directory.

Respected author, please add a license! I suggest MIT

Just as a suggestion for improvement:

Code could use a bit of factorization, for example: factoring when testing the HTTP methods, see the example in the https://gist.github.com/gmt4/59ae5b6b74b4d599044d6739040ccd05.

Best!

Hello! :)

When running this:

$ ./byp4xx.sh -r -c https://www.test.com

I'm getting this:

[+]HTTP Methods...
GET request: 403
POST request: 403
HEAD request: curl: option -m: expected a proper numerical parameter
curl: try 'curl --help' or 'curl --manual' for more information

The byp4xx.sh uses the following command, with the -m option:

echo -n "HEAD request: "
STATUS=$(curl $REDIRECT -k -s -o /dev/null -m 1.0 -w "%{http_code}" -X HEAD $URL$DIR)

If I change to -m 1 (instead of 1.0), it works without the message above.

My setup:

$ uname -r
5.9.0-kali1-amd64

$ curl -V
curl 7.72.0 (x86_64-pc-linux-gnu) libcurl/7.72.0 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.8.0 nghttp2/1.41.0 librtmp/2.3
Release-Date: 2020-08-19

Thanks!

Hey mate,

Sometimes pages redirect to the main site if a path is not found (pretty common nowadays),
with the result being the tool returns a 200 falsely.
Can you add a response size filter for this?

what if i get a 200 response but want to use that to forward with burp suite where can I get the full request the script used and got a 200 request?

Hi,

Is there a reason for removing the trailing "/" in this part :

#Count "/" on target param just to parse the last part of URI path
bar_count = target.count("/")
if target.endswith("/"):
	bar_count = bar_count -1

if bar_count == 2:
	url = target
	uri = ""
	
else:
	aux =  target.split("/")
	url = "/".join(aux[:bar_count])
	uri = aux[bar_count]

In my use case I have a HTTP 405 when not adding the trailing "/" to the request

https://github.com/lobuhi/byp4xx/blame/9d3eb8e11a68d7c8a394f36d5714339f3b6d3fca/byp4xx.py#L250