This tool is designed to bypass misconfigured web-pages with 403 and 401 HTTP responses using HTTP headers. Essentially, it adds specific headers and values to all requests and displays whether they were bypassed or not in its own Burp Suite Tab.
Before forwarding the targeted 403/401 request to website, you need to send it to 403 Kangaroo from the Extensions menu. After that, you can forward the request. 403 Kangaroo will not work until the request is forwarded.
After the request is forwarded/sent, 403 Kangaroo will check whether the response is 403 or 401. If the application responds with 403 or 401, it will send the requests with added headers.
It will perform requests by changing the header values as many times as the number of values found in the values.txt file. Then, if a successful value is found, it can be seen in the Burp Suite Tab.
When this tool is reloaded, it stores the values from values.txt and headers.txt files into an array, which it then uses in its requests. This way, if you add any headers or values you want to use to these files, the tool will incorporate them into the requests it sends.