Offensive Security Tool: dontgo403 | How to Install & use dontgo403 tool?

TeleModsApk
27 May, 2023

Description

DontGo403 by devploit is a tool designed to help Pentesters and Red Teams identify vulnerabilities in web servers that could be exploited to gain unauthorized access to resources. The tool does this by bypassing HTTP error code 403 responses, which are typically used to indicate that a user is not authorized to access a particular resource or webpage.

DontGo403, can send multiple requests to a web server, each with a different User-Agent string, to identify a User-Agent string that is not being blocked by the server. By doing so, they can bypass the 403 error code and potentially gain access to restricted resources.

Installation:

apt update

apt upgrade

apt install golang

pkg install git

git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build


 

Customization

If you want to edit or add new bypasses, you can add it directly to the specific file in payloads folder and the tool will use it.

Options

./dontgo403 -h

Command line application that automates different ways to bypass 40X codes.

Usage:
  dontgo403 [flags]

Flags:
  -b, --bypassIp string Try bypass tests with a specific IP address (or hostname). i.e.: 'X-Forwarded-For: 192.168.0.1' instead of 'X-Forwarded-For: 127.0.0.1'
  -d, --delay int Set a delay (in ms) between each request. Default: 0ms
  -f, --folder string Define payloads folder (if it's not in the same path as binary)
  -H, --header strings Add a custom header to the requests (can be specified multiple times)
  -h, --help help for dontgo403
      --http Set HTTP schema for request-file requests (default HTTPS)
  -t, --httpMethod string HTTP method to use (default 'GET')
  -m, --max_goroutines int Set the max number of goroutines working at same time. Default: 50 (default 50)
  -p, --proxy string Proxy URL. For example: http://127.0.0.1:8080
  -r, --request-file string Path to request file to load flags from
  -u, --uri string Target URL
  -a, --useragent string Set the User-Agent string (default 'dontgo403')
  -v, --verbose Set verbose mode ON (default OFF)

 

Usage

Basic usage:

./dontgo403 -u https://domain.com/admin

 

Verbose mode + proxy enabled:

./dontgo403 -u https://domain.com/admin -p http://127.0.0.1:8080 -v

 

Parse request from Burp:

./dontgo403 -r request.txt

 

Use custom header + specific IP address for bypasses:

./dontgo403 -u https://domain.com/admin -H "Environment: Staging" -b 8.8.8.8

 

Set new max of goroutines + add delay between requests:

./dontgo403 -u https://domain.com/admin -m 10 -d 200


In Video I made this Python Flask Web:

https://www.mediafire.com/file/bit2qu35oma8qk9/demo.zip/file

Video Tutorial:


Next Post Previous Post
No Comment
Add Comment
comment url