chainreactors / spray

Next Generation HTTP Dir/File Fuzz Tool
https://chainreactors.github.io/wiki/spray/
GNU General Public License v3.0

Needed 403 results are being filtered out #13

Closed chasingboy closed 7 months ago

chasingboy commented 1 year ago

When the www directory exists and returns 403, it does not appear in the returned results. Could you tell me how I should set the parameters?

kali$ ./spray -u http://127.0.0.1/ -d dirs.txt --debug                   
[*] Retry Count: 1 , 2023-07-27 21:50.25
[*] Loaded 503 word from dirs.txt , 2023-07-27 21:50.25
[*] Parsed 503 words by {?0} , 2023-07-27 21:50.25
[*] Loaded 0 urls from 127.0.0.1 , 2023-07-27 21:50.25
[*] Loaded 1 dictionaries and 0 decorators , 2023-07-27 21:50.25
[+] [baseline.404init] http://127.0.0.1/MzVJsUuKYeTCtAqP  [404]  [196]  [0ms]  [404 Not Found]   , 2023-07-27 21:50.25
[+] [baseline.index] http://127.0.0.1/  [200]  [11]  [0ms]  [hello world]   , 2023-07-27 21:50.25
[+] [baseline.random] http://127.0.0.1/MzVJsUuKYeTCtAqP  [404]  [196]  [0ms]  [404 Not Found]   , 2023-07-27 21:50.25
[debug] [word] http://127.0.0.1/html [reason: same status with random baseline] - 404 - 196 - 0ms  
[debug] [word] http://127.0.0.1/image [reason: same status with random baseline] - 404 - 196 - 0ms
[debug] [word] http://127.0.0.1/include [reason: same status with random baseline] - 404 - 196 - 0ms  
[debug] [word] http://127.0.0.1/install [reason: same status with random baseline] - 404 - 196 - 0ms  
[debug] [word] http://127.0.0.1/settings [reason: same status with random baseline] - 404 - 196 - 0ms  
[debug] [word] http://127.0.0.1/setup [reason: same status with random baseline] - 404 - 196 - 0ms  
[debug] [check.pass] [check] http://127.0.0.1/lMyDuinHYAsVgnCw - 404 - 196 - 0ms [html data]  
[debug] [word] http://127.0.0.1/site [reason: same status with random baseline] - 404 - 196 - 0ms  
[debug] [word] http://127.0.0.1/wiki [reason: same status with random baseline] - 404 - 196 - 0ms  
[debug] [word] http://127.0.0.1/www [reason: fuzzy redirect] - 301 - 229 - 0ms [html data]  --> http://127.0.0.1/www/  
[debug] [word] http://127.0.0.1/www [reason: fuzzy redirect] - 301 - 229 - 0ms [html data]  --> http://127.0.0.1/www/  
[debug] [redirect] http://127.0.0.1/www --> http://127.0.0.1/www/ [reason: compare failed] - 403 - 199 - 0ms [html data]  
[debug] [word] http://127.0.0.1/.configuration [reason: same status with random baseline] - 404 - 196 - 361ms  
[*] [stat] http://127.0.0.1/ took 2 s, request total: 508, finish: 503/503, found: 0, check: 2, failed: 0 , 2023-07-27 21:50.27
[*] [stat] http://127.0.0.1/ 403: 2, 301: 1, 404: 501, , 2023-07-27 21:50.27
[*] [stat] http://127.0.0.1/ word: 503, redirect: 1, , 2023-07-27 21:50.27
total progressive: 1/1  100% [====================================================================]    0s
http://127.0.0.1/ 454.661852/s 503/503 100% [====================================================================]    2s

M09Ic commented 1 year ago

[debug] [word] http://127.0.0.1/www [reason: fuzzy redirect] - 301 - 229 - 0ms [html data] --> http://127.0.0.1/www/
[debug] [redirect] http://127.0.0.1/www --> http://127.0.0.1/www/ [reason: compare failed] - 403 - 199 - 0ms [html data]

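I assume you mean the filtering here?

fuzzy redirect means a redirect such as www to www/, where a trailing / is appended. This kind of scenario does not necessarily mean the directory exists; it may be caused by a WAF, or by the middleware's default configuration.

After the redirect the status code is 403. compare failed means that the result for the www/ page is the same as the 403 baseline, so it was filtered.

If you consider all 403 pages on this site to be valid data, you can remove the 403 status code from the list of status codes that take part in fuzzy filtering.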

spray -u http://127.0.0.1/ -d dirs.txt --fuzzy-status -403
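
The filtering decision described in the reply above, as an added Go sketch that is not part of the thread and is not spray's own code. The `Filter` type, `NewFilter`, the 403 baseline entry, the extra status 500 and the use of body length as the comparison are all assumptions made for illustration; only the reason strings and the `www/` response values come from the debug output.

```go
package main

import "fmt"

// Resp is a constructed, simplified response record: URL, status, body length.
type Resp struct {
	URL    string
	Status int
	Length int
}

// Filter is a hypothetical model of baseline filtering, not spray's own code.
type Filter struct {
	RandomStatus int          // status returned for a random, nonexistent path
	Baselines    map[int]Resp // stored baseline page per status code
	Fuzzy        map[int]bool // statuses that are compared against their baseline
}

// NewFilter builds a filter with constructed baselines and the given fuzzy statuses.
func NewFilter(fuzzy ...int) Filter {
	f := Filter{RandomStatus: 404, Baselines: map[int]Resp{}, Fuzzy: map[int]bool{}}
	f.Baselines[403] = Resp{"<403 baseline page>", 403, 199} // assumed baseline
	for _, s := range fuzzy {
		f.Fuzzy[s] = true
	}
	return f
}

// Check reports whether a response is kept, and why.
func (f Filter) Check(r Resp) (bool, string) {
	if r.Status == f.RandomStatus {
		return false, "same status with random baseline"
	}
	if !f.Fuzzy[r.Status] {
		return true, "status not in fuzzy list"
	}
	// Assumption: equal body length stands in for "same page as the baseline".
	if b, ok := f.Baselines[r.Status]; ok && b.Length == r.Length {
		return false, "compare failed"
	}
	return true, "differs from baseline"
}

func main() {
	www := Resp{"http://127.0.0.1/www/", 403, 199} // values from the thread's debug line
	for _, f := range []Filter{NewFilter(403, 500), NewFilter(500)} {
		keep, reason := f.Check(www)
		fmt.Printf("403 fuzzy=%v keep=%v (%s)\n", f.Fuzzy[403], keep, reason)
	}
}
```

With 403 in the fuzzy list the `www/` response is dropped as `compare failed`; with 403 removed, which is what `--fuzzy-status -403` does in the reply, the same response is kept.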