Skip to content

Commit

Permalink
Merge pull request #52 from laluka/Nishantbhagat57-patch-2
Browse files Browse the repository at this point in the history 
Nishantbhagat57 patch 2
  • Loading branch information
@laluka
laluka authored Oct 23, 2024
2 parents 476961f + 40a0ad0 commit eb83eff
Show file tree
Hide file tree
Showing 2 changed files with 3,988 additions and 2 deletions.
18 changes: 16 additions & 2 deletions src/bypass_url_parser/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -463,12 +463,26 @@ def _generate_curls(self, url_obj: ParseResult):
# [char_encode] - Url-Encoding
if any(mode in {"all", "char_encode"} for mode in self.current_bypass_modes):
char_urlencoded = format(ord(base_path[abc_index]), "02x")
cmd = [*self.base_curl,
f"{base_url}{base_path[:abc_index]}%{char_urlencoded}{base_path[abc_index + 1:]}"]
single_encoded_path = f"{base_url}{base_path[:abc_index]}%{char_urlencoded}{base_path[abc_index + 1:]}"
cmd = [*self.base_curl, single_encoded_path]
item = CurlItem(url_obj, self.base_curl, cmd, bypass_mode="char_encode", encoding=self.encoding,
target_ip=self.url_resolved_ip, debug=self.debug, ext_logger=self.logger)
self.curl_items.add(item)

# New [char_encode] - Double URL-Encoding by encoding once more
double_encoded_path = single_encoded_path.replace(f"%{char_urlencoded}", f"%25{char_urlencoded}")
cmd = [*self.base_curl, double_encoded_path]
item = CurlItem(url_obj, self.base_curl, cmd, bypass_mode="char_encode_double", encoding=self.encoding,
target_ip=self.url_resolved_ip, debug=self.debug, ext_logger=self.logger)
self.curl_items.add(item)

# New [char_encode] - Triple URL-Encoding by encoding once more
triple_encoded_path = single_encoded_path.replace(f"%{char_urlencoded}", f"%2525{char_urlencoded}")
cmd = [*self.base_curl, triple_encoded_path]
item = CurlItem(url_obj, self.base_curl, cmd, bypass_mode="char_encode_triple", encoding=self.encoding,
target_ip=self.url_resolved_ip, debug=self.debug, ext_logger=self.logger)
self.curl_items.add(item)

# Verbose/debug print
if self.verbose and not self.dump_payloads:
self.logger.info(f"Payloads to test: {len(self.curl_items)}")
Expand Down
Loading

0 comments on commit eb83eff

Please sign in to comment.