bbot icon indicating copy to clipboard operation
bbot copied to clipboard

Published 20 hours ago verified publisher icon blacklanternsecurity

Bypass403

Open Sh4d0wHunt3rX opened this issue 10 months ago • 6 comments

I'm testing bypass403 module on my own site. I have a question.

For example from cloudflare I added this header rule, so it will work like this:

curl -ks -H 'X-Forwarded-For: 127.0.0.1' -X GET 'https://www.3r.wtf/' -H 'User-Agent: Mozilla/5.0'

Now, I use this:

bbot -t 3r.wtf -m httpx bypass403 -om asset_inventory -c web_spider_distance=4 web_spider_depth=4

Now, I expect bbot to actually bypass it and crawl the links, but it's not crawling.

Can't it automatically add the header to requests to bypass and crawl?

Sh4d0wHunt3rX avatar Apr 15 '24 11:04 Sh4d0wHunt3rX

I think we could probably solve this by manually emitting the contents of the successful bypass as an http_response, @TheTechromancer do you see any issues with doing that?

@amiremami would you be ok with me testing using your site you posted if we do this?

liquidsec avatar Apr 16 '24 17:04 liquidsec

Yes of course, it's ok by me 🙏

Sh4d0wHunt3rX avatar Apr 16 '24 17:04 Sh4d0wHunt3rX

It would make sense to add this feature after we've implemented the Web Engine. That will include a helper that returns the response in a JSON format similar to HTTP_RESPONSE.

TheTechromancer avatar Apr 16 '24 19:04 TheTechromancer

adding on-hold tag

liquidsec avatar Jun 10 '24 15:06 liquidsec