Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
Switch branches/tags
Nothing to show
Clone or download
infosec-au Merge pull request #2 from antmldr/master
Python Version Mismatch
Latest commit 35348a6 Dec 5, 2016
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
enumXFF.py
generateIPs.py
requirements.txt

README.md

All you need to do is run the tool from the terminal giving the following input:

  • Page to attempt (http/https://website.com/page)
  • The content length of the response that you get when you are denied
  • The IP range you wish the tool to attempt through X-Forwarded-For

The tool will then simply request the given page with a range of IP addresses and then determine whether or not access to the said page is still forbidden.

python enumXFF.py -t http://sketchysite.com/admin -badcl 234 -r 192.168.0.0-192.168.255.255

The above command will attempt to request http://sketchysite.com/admin with all IP addresses in the range 192.168.0.0-192.168.255.255. The python script takes advantage of asynchronous HTTP requests via the requests-futures module and hence should be fairly quick. Note, this tool only functions on Python2.

In addition to this, the enumXFF project on Github also contains a script called generateIPs.py. This will simply generate a list of comma delimited IP addresses that can be input directly to Burp's Intruder. If the tool isn't the best way for you, Burp's Intruder is a reliable option to fall back on.

To generate the IPs for the range 192.168.0.0-192.168.255.255, you would need to use the following command:

python3 generateIPs.py -r 192.168.0.0-192.168.255.255 -o burp_xff_ips.txt

Refer to this blog post for further details: https://shubh.am/enumerating-ips-in-x-forwarded-headers-to-bypass-403-restrictions/