Bypass 4xx HTTP response status codes.

Related tags

Security related resourcespythonsecuritybypassoffensive-securityethical-hacking403
Overview

Forbidden

Bypass 4xx HTTP response status codes.

To see all the test cases, check the source code - follow the NOTE comments.

Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output.

Extend this script to your liking.

Tested on Kali Linux v2021.4 (64-bit).

Made for educational purposes. I hope it will help!

Future plans:

  • file uploads with HTTP PUT,
  • cross-site tracing (XST),
  • basic authentication.

Table of Contents

How to Run

Open your preferred console from /src/ and run the commands shown below.

Install required packages:

pip3 install -r requirements.txt

Run the script:

python3 forbidden.py

Download a user agent list from here.

Parsed URL Format

To see all the default values used in the script, check the source code - follow the NOTE comments.

{
	"urls": [
		"http://example.com/admin",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ"
	],
	"scheme_domains": [
		"http://example.com",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
	],
	"domains": [
		"example.com",
		"ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
	],
	"paths": [
		"admin",
		"/admin",
		"admin/",
		"/admin/",
		"ᴬᴰᴹᴵᴺ",
		"/ᴬᴰᴹᴵᴺ",
		"ᴬᴰᴹᴵᴺ/",
		"/ᴬᴰᴹᴵᴺ/"
	],
	"all": [
		"http://example.com/admin",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ",
		"http://example.com",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
		"example.com",
		"ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
		"admin",
		"/admin",
		"admin/",
		"/admin/",
		"ᴬᴰᴹᴵᴺ",
		"/ᴬᴰᴹᴵᴺ",
		"ᴬᴰᴹᴵᴺ/",
		"/ᴬᴰᴹᴵᴺ/"
	]
}

HTTP Headers

Client-IP
Cluster-Client-IP
Connection
Contact
Forwarded
Forwarded-For
Forwarded-For-Ip
From
Host
Origin
Referer
Stuff
True-Client-IP
X-Client-IP
X-Custom-IP-Authorization
X-Forward
X-Forwarded
X-Forwarded-By
X-Forwarded-For
X-Forwarded-For-Original
X-Forwarded-Host
X-Forwarded-Server
X-Forward-For
X-Forwared-Host
X-Host
X-HTTP-Host-Override
X-Original-URL
X-Originating-IP
X-Override-URL
X-ProxyUser-IP
X-Real-IP
X-Remote-Addr
X-Remote-IP
X-Rewrite-URL
X-Wap-Profile
X-Server-IP
X-Target

HTTP Methods

ACL
ARBITRARY
BASELINE-CONTROL
BIND
CHECKIN
CHECKOUT
CONNECT
COPY
DELETE
GET
HEAD
INDEX
LABEL
LINK
LOCK
MERGE
MKACTIVITY
MKCALENDAR
MKCOL
MKREDIRECTREF
MKWORKSPACE
MOVE
OPTIONS
ORDERPATCH
PATCH
POST
PRI
PROPFIND
PROPPATCH
PUT
REBIND
REPORT
SEARCH
SHOWMETHOD
SPACEJUMP
TEXTSEARCH
TRACE
TRACK
UNBIND
UNCHECKOUT
UNLINK
UNLOCK
UPDATE
UPDATEREDIRECTREF
VERSION-CONTROL

URL Paths

/
//
/%2e
/%2e/
/.
/./
/..
/../
/;
/;/
/.;
/.;/
/..;
/..;/
%20
%20/
%09
%09/
;foo=bar;
/;foo=bar;
;foo=bar;/
/;foo=bar;/
~
~~
/~randomstring
#
##
/#randomstring
?
??
/?randomstring
/*
/**
/*randomstring
.jsp
.jspa
.jspx
.jhtml
.html
.sht
.shtml
.xhtml
.php
.asp
.aspx
.esp

Results Format

[
	{
		"id": 9,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: localhost"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 49,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: localhost:80"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost:80' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 169,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: 127.0.0.1"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 209,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: 127.0.0.1:80"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1:80' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	}
]

Images

Help

Figure 1 - Help

You might also like...
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

M4rtin Hsu 81 Dec 12, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

Pushpender Singh 9 Dec 12, 2022
HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Google Cloud Platform 854 Dec 30, 2022
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the

mitmproxy 29.7k Jan 4, 2023
Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

Adam Johnson 76 Nov 30, 2022
CVE-2021-40346 integer overflow enables http smuggling
CVE-2021-40346 integer overflow enables http smuggling

CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021

donky16 34 Nov 15, 2022
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

Ashish Kunwar 33 Sep 23, 2022
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability This is a proof of concept for CVE-2021-31166 ("HTTP Protocol Stack Remote Cod

Axel Souchet 820 Dec 18, 2022
Releases(v9.1)

  • v9.1(Nov 24, 2022)

    Reintroduced PycURL as it is less prone to exceptions and because Python Requests fixed their double header bug.

    Python tool for brute forcing 4xx response status codes. Based on PycURL.

    Source code(tar.gz)
    Source code(zip)
Owner
Ivan Šincek
Offensive security engineer. These are some of the security related codes I wrote in my free time.
Ivan Šincek
GitHub Repository
CVE-2022-22536 - SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536

CVE-2022-22536 SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22

antx 49 Nov 09, 2022
Discord-email-spammer-exploit - A discord email spammer exploit with python

Discord-email-spammer-exploit was made by Love ❌ code ✅ 🎈 ・Description First it

Rdimo 25 Aug 13, 2022
Mips script decompiles MIPS assembly instructions & bot functionality

mips mips is a python-based script that decodes MIPS instructions. Usage cd into mips and run python decode.py command or open decode.py to run the sc

Anthony Tedja 0 Mar 30, 2022
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 08, 2022
Um script simples de Port Scan + DNS by Hostname

🖥 PortScan-DNS Esta é uma ferramenta simples de Port Scan + DNS by Hostname... 💻 | DNS Resolver / by Hostname: HOST IP EXTERNO IP INTERNO 💻 | Port

AlbâniaSecurity-RT 7 Dec 08, 2022
An easy-to-use wrapper for NTFS-3G on macOS

ezNTFS ezNTFS is an easy-to-use wrapper for NTFS-3G on macOS. ezNTFS can be used as a menu bar app, or via the CLI in the terminal. Installation To us

Matthew Go 34 Dec 01, 2022
Web Headers Security Scanner

Web Headers Security Scanner

Emre Koybasi 3 Dec 16, 2022
Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Nirmal Dahal 10 Oct 15, 2022
A Telegram Bot to force users to join a specific channel before sending messages in a group.

Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo

Mr. Dynamic 1 Jan 27, 2022
RDP Stealer

RDP Stealer RDP Stealer by lamp Require Python How To Use Download This Source Extract The Zip File Change webhook url Convert to exe send to target I

Lamp 14 Nov 26, 2022
Python exploit code for CVE-2021-4034 (pwnkit)

Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works

Joe Ammond 92 Dec 29, 2022
Gmail Accounts Hacking

gmail-hack Gmail Accounts Hacking Gemail-Hack python script for Hack gmail account brute force What is brute force attack? In brute force attack,scrip

Aryan 25 Nov 10, 2022
Open-source keylogger write in python

Python open-source keylogger Language Python open-source keylogger using pynput module Using Install dependences in archive setup.py or install.sh in

Dio brando 4 Jan 15, 2022
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Varun Jagtap 5 Oct 08, 2022
CodeTest信息收集和漏洞利用工具

CodeTest信息收集和漏洞利用工具,可在进行渗透测试之时方便利用相关信息收集脚本进行信息的获取和验证工作,漏洞利用模块可选择需要测试的漏洞模块,或者选择所有模块测试,包含CVE-2020-14882, CVE-2020-2555等,可自己收集脚本后按照模板进行修改。

23 Mar 18, 2021
A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228

1.Create a Sample Vulnerable Application . 2.Start a netcat listner . 3.Run the exploit . 5.Use jdk1.8.0_20 for better results . Exploit-db - https://

Isuru Umayanga 7 Aug 06, 2022
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
CVE-2022-22963 PoC

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of https://github.com/chaosec2021/Spring-cloud-function-SpEL-R

Nicolas Krassas 104 Dec 08, 2022
simple python keylogger

HELLogger simple python keylogger DISCLAIMERS: DON'T DO BAD THINGS. THIS PROGRAM IS MEANT FOR PERSONAL USES ONLY. USE IT ONLY IN COMPUTERS WHERE YOU H

Arya 10 Nov 10, 2022
Security system to prevent Shoulder Surfing Attacks

Surf_Sec Security system to prevent Shoulder Surfing Attacks. REQUIREMENTS: Python 3.6+ XAMPP INSTALLED METHOD TO CONFIGURE PROJECT: Clone the repo to

Aman Anand 1 Jan 27, 2022