Added Double URL-Encoding - Nginx 403 Bypass

Added Double URL-Encoding for Nginx 403 Bypass. Reference: https://www.youtube.com/watch?v=TqKb7h8VFcA Timeline:[4:08]
laluka · Oct 22, 2024 · 8a305bc · 8a305bc
1 parent 476961f
commit 8a305bc
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/bypass_url_parser/__init__.py b/src/bypass_url_parser/__init__.py
@@ -463,12 +463,19 @@ def _generate_curls(self, url_obj: ParseResult):
             # [char_encode] - Url-Encoding
             if any(mode in {"all", "char_encode"} for mode in self.current_bypass_modes):
                 char_urlencoded = format(ord(base_path[abc_index]), "02x")
-                cmd = [*self.base_curl,
-                       f"{base_url}{base_path[:abc_index]}%{char_urlencoded}{base_path[abc_index + 1:]}"]
+                single_encoded_path = f"{base_url}{base_path[:abc_index]}%{char_urlencoded}{base_path[abc_index + 1:]}"
+                cmd = [*self.base_curl, single_encoded_path]
                 item = CurlItem(url_obj, self.base_curl, cmd, bypass_mode="char_encode", encoding=self.encoding,
                                 target_ip=self.url_resolved_ip, debug=self.debug, ext_logger=self.logger)
                 self.curl_items.add(item)
 
+                # New [char_encode] - Double URL-Encoding by encoding once more
+                double_encoded_path = single_encoded_path.replace(f"%{char_urlencoded}", f"%25{char_urlencoded}")
+                cmd = [*self.base_curl, double_encoded_path]
+                item = CurlItem(url_obj, self.base_curl, cmd, bypass_mode="char_encode_double", encoding=self.encoding,
+                                target_ip=self.url_resolved_ip, debug=self.debug, ext_logger=self.logger)
+                self.curl_items.add(item)
+
         # Verbose/debug print
         if self.verbose and not self.dump_payloads:
             self.logger.info(f"Payloads to test: {len(self.curl_items)}")