Added option to use a custom headers in the request

README.md

@@ -21,9 +21,9 @@ This Python script can be used to bypass IP source restrictions using HTTP heade
 
 ```
 $ ./ipsourcebypass.py -h
-[~] IP source bypass using HTTP headers, v1.1
+[~] IP source bypass using HTTP headers, v1.2
 
-usage: ipsourcebypass.py [-h] [-v] -i IP [-t THREADS] [-x PROXY] [-k] [-L] [-j JSONFILE] url
+usage: ipsourcebypass.py [-h] [-v] -i IP [-t THREADS] [-x PROXY] [-k] [-L] [-j JSONFILE] [-C] [-H HEADERS] [-S] url
 
 This Python script can be used to test for IP source bypass using HTTP headers
 
@@ -42,6 +42,10 @@ optional arguments:
   -L, --location        Follow redirects (default: False)
   -j JSONFILE, --jsonfile JSONFILE
                         Save results to specified JSON file.
+  -C, --curl            Generate curl commands for each request.
+  -H HEADERS, --header HEADERS
+                        arg1 help message
+  -S, --save            Save all HTML responses.
 ```
 
 ## Auto-detecting responses that stands out

ipsourcebypass.py

@@ -13,9 +13,8 @@
 from rich import box
 from rich.table import Table
 import json
-from http.cookies import SimpleCookie
 
-banner = "[~] IP source bypass using HTTP headers, v1.1\n"
+banner = "[~] IP source bypass using HTTP headers, v1.2\n"
 
 BYPASS_HEADERS = [
     'Access-Control-Allow-Origin', 'Client-IP', 'Forwarded', 'Forwarded-For', 'Forwarded-For-IP', 'Origin',
@@ -26,14 +25,18 @@
 
 
 def test_bypass(options, proxies, results, header_name, header_value):
+    http_headers = {h.split(':', 1)[0]: h.split(':', 1)[1].strip() for h in options.headers}
+    http_headers[header_name] = header_value
     try:
         r = requests.get(
             url=options.url,
-            verify=options.verify,  # this is to set the client to accept insecure servers
+            # This is to set the client to accept insecure servers
+            verify=options.verify,
             proxies=proxies,
             allow_redirects=options.redirect,
-            stream=True,  # this is to prevent the download of huge files, focus on the request, not on the data,
-            headers={header_name: header_value}
+            # This is to prevent the download of huge files, focus on the request, not on the data
+            stream=True,
+            headers=http_headers
         )
     except requests.exceptions.ProxyError:
         print("[!] Invalid proxy specified")
@@ -124,7 +127,7 @@ def parseArgs():
     parser.add_argument("-L", "--location", dest="redirect", action="store_true", default=False, required=False, help="Follow redirects (default: False)")
     parser.add_argument("-j", "--jsonfile", dest="jsonfile", default=None, required=False, help="Save results to specified JSON file.")
     parser.add_argument("-C", "--curl", dest="curl", default=False, required=False, action="store_true", help="Generate curl commands for each request.")
-    parser.add_argument("-H", "--header", dest="header", default=None, required=False, type=str, help="Only test this header.")
+    parser.add_argument("-H", "--header", dest="headers", action="append", default=[], help='arg1 help message')
     parser.add_argument("-S", "--save", dest="save", default=False, required=False, action="store_true", help="Save all HTML responses.")
     return parser.parse_args()
 
@@ -152,11 +155,6 @@ def parseArgs():
                 print("[debug] Setting proxies to 'None'")
             proxies = None
 
-        if options.header is not None:
-            if options.verbose:
-                print("[debug] Only testing header '%s'" % options.header)
-            BYPASS_HEADERS = [options.header]
-
         if not options.verify:
             # Disable warings of insecure connection for invalid cerificates
             requests.packages.urllib3.disable_warnings()