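#!/bin/bash
# Bot detection bypass - tests whether fake UAs, headless markers, missing headers slip through
#
# Expects ../config.sh (relative to this script) to define:
#   TARGET - base URL of the host under test, without a trailing slash
#   OUT    - root results directory; this script writes to "$OUT/bot_detection"
#
# Every probe appends one line "[<http status>] <label>" to summary.txt.
# A status of 000 means curl could not complete the request at all
# (connect error or --max-time exceeded), which is distinct from a block
# by the bot-detection layer (typically 403/429).
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=../config.sh
source "$SCRIPT_DIR/../config.sh"

# Fail before the first request if config.sh is incomplete, rather than
# creating "/bot_detection" or probing an empty URL.
: "${TARGET:?TARGET must be set in config.sh}"
: "${OUT:?OUT must be set in config.sh}"

OUT="$OUT/bot_detection"
readonly SUMMARY="$OUT/summary.txt"
mkdir -p "$OUT"

#######################################
# Write one line to stdout and append it to the summary file.
# Arguments: $* - the line to record
#######################################
log() {
  printf '%s\n' "$*" | tee -a "$SUMMARY"
}

#######################################
# Issue one request against the target and record its HTTP status.
# -k skips TLS certificate verification (presumably for a self-signed
# cert on the test host); drop it once TARGET presents a valid chain so
# an intercepted test run is not silently accepted.
# Arguments:
#   $1 - label recorded next to the status
#   $2 - curl --max-time in seconds
#   $3 - file to store the response body in (/dev/null to discard)
#   $4 - full URL to request
#   $@ - any further args are passed through to curl (extra -H / -A)
# Outputs: "[code] label" via log()
# Returns: 0 always; a failed transport is recorded as 000, not fatal,
#          so one unreachable probe does not abort the whole run under -e
#######################################
probe() {
  local label=$1 timeout=$2 body=$3 url=$4
  shift 4
  local code
  code=$(curl -sk -o "$body" -w '%{http_code}' --max-time "$timeout" "$@" "$url") || true
  log "[$code] $label"
}

# Start a fresh summary for this run.
: > "$SUMMARY"
log '=== BOT DETECTION BYPASS TESTS ==='

# 1. No User-Agent (raw bot)
log ''
log '--- No User-Agent ---'
# Empty 'User-Agent:' header value makes curl omit the header entirely;
# the body is kept so a challenge/block page can be inspected afterwards.
probe 'No User-Agent' 10 "$OUT/no_ua_body.txt" "$TARGET/" -H 'User-Agent:'

# 2. Known bad bot UAs (should be blocked)
BAD_UAS=(
  'sqlmap/1.7'
  'nikto/2.1.6'
  'masscan/1.3'
  'nmap scripting engine'
  'zgrab/0.x'
  'python-requests/2.28'
  'Go-http-client/1.1'
  'curl/7.88.1'
  'Wget/1.21'
)
readonly BAD_UAS
log ''
log '--- Known Bad Bot UAs ---'
for ua in "${BAD_UAS[@]}"; do
  probe "UA: $ua" 10 /dev/null "$TARGET/" -A "$ua"
done

# 3. Headless browser markers
log ''
log '--- Headless Browser Markers ---'
probe 'HeadlessChrome UA' 10 /dev/null "$TARGET/" \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/120.0.0.0 Safari/537.36'
# Spoofed XFF from an untrusted client must not change how the proxy
# attributes the request; a 200 here is the expected (correct) outcome.
probe 'X-Forwarded-For: 127.0.0.1 (EXPECTED 200 — XFF from untrusted source is ignored by proxy, real IP still tracked)' \
  10 /dev/null "$TARGET/" \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36' \
  -H 'X-Forwarded-For: 127.0.0.1'

# 4. Scanner-like rapid paths (not DoS, just pattern)
log ''
log '--- Scanner Path Probes ---'
SCAN_PATHS=(
  '/.env'
  '/.git/config'
  '/wp-admin/'
  '/admin/'
  '/phpmyadmin/'
  '/phpinfo.php'
  '/config.php'
  '/backup.sql'
  '/.htaccess'
  '/server-status'
  '/api/v1/users'
  '/actuator/health'
)
readonly SCAN_PATHS
for path in "${SCAN_PATHS[@]}"; do
  probe "$path" 8 /dev/null "$TARGET$path"
done

# 5. Realistic browser headers - should pass
log ''
log '--- Legitimate Browser (should PASS) ---'
probe 'Realistic Chrome UA (should be 200/301)' 10 /dev/null "$TARGET/" \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
  -H 'Accept-Language: en-US,en;q=0.5' \
  -H 'Accept-Encoding: gzip, deflate, br'

cat "$SUMMARY"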