Merge pull request #1070 from blacklanternsecurity/bypass403-errors

better bypass403 error handling
blacklanternsecurity · Feb 7, 2024 · d60f645 · d60f645
2 parents 7cdab23 + 1da63d2
commit d60f645
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/bbot/modules/bypass403.py b/bbot/modules/bypass403.py
@@ -63,6 +63,7 @@
     "X-Host": "127.0.0.1",
 }
 
+# This is planned to be replaced in the future: https://github.com/blacklanternsecurity/bbot/issues/1068
 waf_strings = ["The requested URL was rejected"]
 
 for qp in query_payloads:
@@ -83,8 +84,13 @@ class bypass403(BaseModule):
 
     async def do_checks(self, compare_helper, event, collapse_threshold):
         results = set()
+        error_count = 0
 
         for sig in signatures:
+            if error_count > 3:
+                self.warning(f"Received too many errors for URL {event.data} aborting bypass403")
+                return None
+
             sig = self.format_signature(sig, event)
             if sig[2] != None:
                 headers = dict(sig[2])
@@ -95,6 +101,7 @@ async def do_checks(self, compare_helper, event, collapse_threshold):
                     sig[1], headers=headers, method=sig[0], allow_redirects=True
                 )
             except HttpCompareError as e:
+                error_count += 1
                 self.debug(e)
                 continue
 
@@ -149,6 +156,7 @@ async def handle_event(self, event):
                     source=event,
                 )
 
+    # When a WAF-check helper is available in the future, we will convert to HTTP_RESPONSE and check for the WAF string here.
     async def filter_event(self, event):
         if ("status-403" in event.tags) or ("status-401" in event.tags):
             return True