Bypass Url Parser: Tests MANY url bypasses to reach a 40X protected page

Bypass Url Parser

Tool that tests MANY url bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here’s why:

• Most of the Python requests do url/path/parameter encoding/decoding, and I hate this.
• If I submit raw chars, I want raw chars to be sent.
• If I send a weird path, I want it weird, not normalized.

This is surprisingly hard to achieve in Python without losing all of the lib goodies like parsing, ssl/tls encapsulation, and so on. So, be like me, use curl as a backend, it’s gonna be just fine.

Also, this tool can be used as a library, see lib_sample_usage.py

More about supported arguments

Arguments parsing

Bypass_url_parser allows to define some arguments in many ways:

• -m, --mode, -s, --spoofip and -p, --spoofport arguments can be a filename, a string, a comma-separated string list or a list (when Bypasser is used as a library);
• -u, --url argument can be a filename, a string or a list (when Bypasser is used as a library);
• stdin (with -) is supported for all these arguments.

For example, if you want to define several target urls (-u, --url), all the following commands produce the same result:

bypass-url-parser -u http://thinkloveshare.com/test
bypass-url-parser -u /path/urls
cat /path/urls | bypass-url-parser -u -
echo 'http://thinkloveshare.com/test' | bypass-url-parser -u -

Target definition

A target must be defined for the tool to work. 2 options:

• -u, --url: URL(s), in GET
• -R, --request: Request file. The protocol can’t be guessed from file, so http by default or https if --request-tls option is present.

Bypass mode

If -m, --mode is specified, you can select the desired bypass mode to run a specific test (or tests) and reduce the number of requests sent by the tool.

For now, the following bypass mode(s) are supported:

all, mid_paths, end_paths, case_substitution, char_encode, http_methods, http_versions, http_headers_method, http_headers_scheme, http_headers_ip, http_headers_port, http_headers_url

Example:

bypass-url-parser -u /path/urls -m "case_substitution, char_encode, http_headers_scheme"

Spoofip / Spoofport

In order to customize the ip addresses and ports used in bypass attempts, the tool supports the following options:

• With -s, --spoofip you can set some IP(s) to inject into ip-specific headers (X-Forwarded-For, X-Real-Ip, etc.)
• With -p, --spoofport you can set some ports to inject into port-specific headers (X-Forwarded-Port)

By default, these custom entries are added to the internal IP/port lists. If you want to use only your IP(s)/port(s), you can use --spoofip-replace and/or --spoofport-replace arguments.

Example:

bypass-url-parser -u /path/urls -s /path/custom_ip --spoofip-replace
bypass-url-parser -u /path/urls -p "3000, 9443, 10443"

JSON-Lines output and command piping

With the --jsonl option, it’s possible to print the results on stdout in JSON-Lines format. The standard tool’s output and results are displayed with a logger on stderr, so it is possible to pipe the JSON-Line output format with other tools:

bypass-url-parser -u "https://thinkloveshare.com/juicy_403_endpoint/" -t 20 -S 0 -m case_substitution,char_encode --jsonl | jq

Notes: With -S 2 ou -S 3, the JSON-Lines output also includes the path and the name of saved html files.

Copyright (C) 2022 Laluka