yunemse48 / 403bypasser Goto Github PK

Hi, please add this

Hey mate ,
add all urls list at once so it`s easy to do on all URLS.
cat urls.txt | ./bypass_403.sh

`SyntaxError: ('no viable alternative at input '"STATUS: {colour}{p.status_code}{reset}\tSIZE: {len(p.content)}"'', ('D:\Lily\Soft\Pentest\BurpSuiteV2023.2\BurpSuite-Extensions\403bypasser\403bypasser.py', 173, 16, ' info = f"STATUS: {colour}{p.status_code}{reset}\tSIZE: {len(p.content)}"\n'))

at org.python.core.ParserFacade.fixParseError(ParserFacade.java:95)
at org.python.core.ParserFacade.parse(ParserFacade.java:190)
at org.python.core.Py.compile_flags(Py.java:2249)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:527)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:287)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:577)
at burp.Zmhw.Zw(Unknown Source)
at burp.Zlpg.Zy(Unknown Source)
at burp.Zmqv.Zt(Unknown Source)
at burp.Zah6.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

`

how do i preform x-original-url or x-rewrite-url?

Add headers option to run authenticated scan. Best way would be to add a feature to read a text file which has the original request captured from Burp Suite. Just like sqlmap -r req.txt

Hey, I have a txt file where I have some urls to try. When I try this command: python3 403bypasser.py -u archivo_modificado.txt -d secret. I got an error, the file is in the same folder and thats the right path. So I dont know whats wrong

Hi, In 403bypasser, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using

requests
argparse
validators
tldextract
colorama
pyfiglet

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency requests can be changed to >=0.2.1,<=0.2.3.
The version constraint of dependency requests can be changed to >=0.7.0,<=2.24.0.
The version constraint of dependency requests can be changed to ==2.26.0.
The version constraint of dependency argparse can be changed to >=1.2.1,<=1.4.0.
The version constraint of dependency validators can be changed to >=0.2.0,<=0.20.0.
The version constraint of dependency colorama can be changed to ==0.1.
The version constraint of dependency colorama can be changed to >=0.1.3,<=0.1.6.
The version constraint of dependency colorama can be changed to ==0.1.10.
The version constraint of dependency colorama can be changed to >=0.1.13,<=0.1.14.
The version constraint of dependency colorama can be changed to >=0.1.16,<=0.4.5.
The version constraint of dependency pyfiglet can be changed to >=0.7,<=0.8.post1.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

requests.get
requests.post

argparse.ArgumentParser.parse_args
argparse.ArgumentParser

validators.url

colorama.init

pyfiglet.Figlet.renderText
pyfiglet.Figlet

tldextract.extract
Arguments
self.dir.self.url.center
self.urls.append
sys.exit
self.checkURL
open
argparse.ArgumentParser
self.createNewPaths
requests.get
self.url.rstrip
Program.initialise
argparse.ArgumentParser.add_argument
os.path.exists
d.lstrip
domain_name.locals.manipulateRequest
validators.url
self.dir.endswith
self.manipulateHeaders
argparse.ArgumentParser.parse_args
Program
Query
self.dir.rstrip
self.dir.startswith
locals
results_2.append
file.readlines
self.dirs.append
pyfiglet.Figlet
PathRepository
colorama.init
Arguments.return_dirs
self.createNewHeaders
pyfiglet.Figlet.renderText
self.newHeaders.append
Arguments.return_urls
self.writeToFile
print
self.checkStatusCode
self.rewriteHeaders.append
requests.post
self.manipulatePath
self.checkDir
self.newPaths.append
len
file.write
x.strip
self.url.endswith
results.append

@developer
Could please help me check this issue?
May I pull a request to fix it?
Thank you very much.

Py instantly closes once the script loads

Based on a scenario, the tool showed 200 but when adding the same header in Burp Suite shows 302. It would be helpful to get the exact request being passed.

Along with the directions making absolutely no sense, I just don't even understand how to run it. I used the git thingy but I couldn't actually find the file anywhere. And when I just downloaded it normally it crashed on startup.

The question says it all

how do i install

If the URI does not have a directory, it is only a / directory, an error will be reported