Skip to content

grf0x/multibypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.img
.img
 
 
multibypass
multibypass
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation


Pentest tool for bypassing 4xx restrictions and spotting unusual 200 OK responses.
Quickly uncovers misconfigurations and weak access controls.


Installation

pipx install multibypass

Usage

usage: multibypass [-X ] [-H ] [-d ] [-b ] [-A ] [-x ] [-L] [-k] [-m ] [-h] [-D ] [-t ] [-s] [-o ] [-q] [-v] [-C] [-n] [-l] [-V] [-j] [-i ] [-w ] url Pentest tool for bypassing restricted access using various techniques. REQUIRED: url Target URL HTTP OPTIONS: -X, --request HTTP method to use (default: GET) -H, --header Add an HTTP header (default: []) -d, --data HTTP request data (default: None) -b, --cookie Add a cookie (default: []) -A, --user-agent Set the User-Agent (default: Mozilla/5.0) -x, --proxy HTTP proxy to use (e.g. http://127.0.0.1:8080) (default: None) -L, --location Follow redirects (default: False) -k, --insecure Allow insecure connections (default: False) -m, --max-time Request timeout in seconds (default: 10) GENERAL OPTIONS: -h, --help Show this help message -D, --delay Delay or delay range between requests (e.g. 0.2 or 0.5-2) (default: 0) -t, --threads Number of threads (default: 32) -s, --stop Stop if the target returns HTTP 429 Too Many Requests (default: False) OUTPUT OPTIONS: -o, --output Write output to file (default: None) -q, --quiet Only show the final analysis (default: False) -v, --verbose Display extra debugging information (default: False) -C, --curl Show recommended curl commands (default: False) -n, --no-color Disable log colorization (default: False) ATTACK OPTIONS: -l, --light Perform a light attack (default: False) -V, --variations Also test case variations (default: False) -j, --json Always use a json body (default: False) -i, --ip Add a custom IP for spoofing attacks (default: []) -w, --wordlists Use a custom wordlist directory (default: install-dir/wordlists)

Implemented Bypass Techniques

Verb Tampering

Use non-standard or alternative HTTP methods to bypass access controls.

Examples:

  • If GET /admin is blocked then POST /admin, HEAD /admin or TRACE /admin can work.
  • Some WAFs/firewalls only filter GET/POST and let others through.
  • GET /admin?method=POST

IP Spoofing via Header Injection

Add an header to impersonate a trusted client, such as an internal, localhost or corporate IP.

Examples:

  • X-Forwarded-For: 127.0.0.1
  • X-Client-IP: 10.0.0.1
  • X-Real-IP: 127.0.0.1

Paths with Alternate Casing

Some servers or filters are case-sensitive, others are not. Changing letter case can bypass filters.

Examples:

  • /ADMIN vs /admin
  • /file.PHp vs /file.php

Searching for Backup Files

Look for misconfigured or forgotten backup/temporary files that bypass access restrictions.

Examples:

  • /admin.bak, /admin.old, /index.php~, /config.php.save
  • Git/SVN metadata: /.git/, /.svn/
  • IDE/editor leftovers: index.php.swp, index.php.bak

Alternate User-Agent

Some applications apply filters or restrictions only to certain clients. Changing the User-Agent header can bypass these filters or reveal hidden functionality.

Examples:

  • Search engine crawler: User-Agent: Googlebot/2.1
  • Custom: User-Agent: Admin

Various Filter Evasion Techniques

Trick input validation and filtering logic.

Examples:

  • Encoding: %2E%2E%2F
  • Double encoding: %252E%252E%252F
  • Path traversal: ../

About

Pentest tool for bypassing restricted access using various techniques

greyf0x.com

Topics

python http pentesting ctf bugbounty cli-tool 403-bypass 4xx-bypass

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Languages