sAjibuu
commented
1 month ago If you're using a proxy client like Burp Suite, use the "burp_http" flag. Otherwise, change the "https" protocol to "http" in the config.py file located in the lib directory. It also mentioned now in the program's help message and in the README file. Thank you for the ticket!
0xNoport
Hey, I don't know why but the tool requests port 443:
╭─root at kali in /opt/Upload_Bypass on main✘✘✘ 24-07-19 - 17:41:06 ╰─⠠⠵ python3 upload_bypass.py -r /home/kali/request -s 'it will be reviewed shortly by our staff' -f 'File is not valid' -E php -D '/uploads' --exploit -A odt
[i] Executing extensions shuffle module.
[-] HTTPSConnectionPool(host='REDACTED, but it was not an IP but hostname', port=443): Max retries exceeded with url: /upload.php (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f109fe9edc0>, 'Connection to *again redacted hostname* timed out. (connect timeout=8)')) [-] For a full stack trace error use the --debug flag
this is my request file:
─root at kali in /opt/Upload_Bypass on main✘✘✘ 24-07-19 - 17:41:38 ╰─⠠⠵ cat /home/kali/request POST /upload.php HTTP/1.1 Host: hostname User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------29708924021983633238784843606 Content-Length: 564 Origin: http://hostname Connection: close Referer: http://hostname/ Upgrade-Insecure-Requests: 1
-----------------------------29708924021983633238784843606 Content-Disposition: form-data; name="file"; filename="filename" Content-Type: mimetype
data -----------------------------29708924021983633238784843606--