Bypass 4xx HTTP response status codes.

Related tags

Security related resourcespythonsecuritybypassoffensive-securityethical-hacking403
Overview

Forbidden

Bypass 4xx HTTP response status codes.

To see all the test cases, check the source code - follow the NOTE comments.

Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output.

Extend this script to your liking.

Tested on Kali Linux v2021.4 (64-bit).

Made for educational purposes. I hope it will help!

Future plans:

  • file uploads with HTTP PUT,
  • cross-site tracing (XST),
  • basic authentication.

Table of Contents

How to Run

Open your preferred console from /src/ and run the commands shown below.

Install required packages:

pip3 install -r requirements.txt

Run the script:

python3 forbidden.py

Download a user agent list from here.

Parsed URL Format

To see all the default values used in the script, check the source code - follow the NOTE comments.

{
	"urls": [
		"http://example.com/admin",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ"
	],
	"scheme_domains": [
		"http://example.com",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
	],
	"domains": [
		"example.com",
		"ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
	],
	"paths": [
		"admin",
		"/admin",
		"admin/",
		"/admin/",
		"ᴬᴰᴹᴵᴺ",
		"/ᴬᴰᴹᴵᴺ",
		"ᴬᴰᴹᴵᴺ/",
		"/ᴬᴰᴹᴵᴺ/"
	],
	"all": [
		"http://example.com/admin",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ",
		"http://example.com",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
		"example.com",
		"ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
		"admin",
		"/admin",
		"admin/",
		"/admin/",
		"ᴬᴰᴹᴵᴺ",
		"/ᴬᴰᴹᴵᴺ",
		"ᴬᴰᴹᴵᴺ/",
		"/ᴬᴰᴹᴵᴺ/"
	]
}

HTTP Headers

Client-IP
Cluster-Client-IP
Connection
Contact
Forwarded
Forwarded-For
Forwarded-For-Ip
From
Host
Origin
Referer
Stuff
True-Client-IP
X-Client-IP
X-Custom-IP-Authorization
X-Forward
X-Forwarded
X-Forwarded-By
X-Forwarded-For
X-Forwarded-For-Original
X-Forwarded-Host
X-Forwarded-Server
X-Forward-For
X-Forwared-Host
X-Host
X-HTTP-Host-Override
X-Original-URL
X-Originating-IP
X-Override-URL
X-ProxyUser-IP
X-Real-IP
X-Remote-Addr
X-Remote-IP
X-Rewrite-URL
X-Wap-Profile
X-Server-IP
X-Target

HTTP Methods

ACL
ARBITRARY
BASELINE-CONTROL
BIND
CHECKIN
CHECKOUT
CONNECT
COPY
DELETE
GET
HEAD
INDEX
LABEL
LINK
LOCK
MERGE
MKACTIVITY
MKCALENDAR
MKCOL
MKREDIRECTREF
MKWORKSPACE
MOVE
OPTIONS
ORDERPATCH
PATCH
POST
PRI
PROPFIND
PROPPATCH
PUT
REBIND
REPORT
SEARCH
SHOWMETHOD
SPACEJUMP
TEXTSEARCH
TRACE
TRACK
UNBIND
UNCHECKOUT
UNLINK
UNLOCK
UPDATE
UPDATEREDIRECTREF
VERSION-CONTROL

URL Paths

/
//
/%2e
/%2e/
/.
/./
/..
/../
/;
/;/
/.;
/.;/
/..;
/..;/
%20
%20/
%09
%09/
;foo=bar;
/;foo=bar;
;foo=bar;/
/;foo=bar;/
~
~~
/~randomstring
#
##
/#randomstring
?
??
/?randomstring
/*
/**
/*randomstring
.jsp
.jspa
.jspx
.jhtml
.html
.sht
.shtml
.xhtml
.php
.asp
.aspx
.esp

Results Format

[
	{
		"id": 9,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: localhost"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 49,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: localhost:80"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost:80' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 169,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: 127.0.0.1"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 209,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: 127.0.0.1:80"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1:80' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	}
]

Images

Help

Figure 1 - Help

You might also like...
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

M4rtin Hsu 81 Dec 12, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

Pushpender Singh 9 Dec 12, 2022
HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Google Cloud Platform 854 Dec 30, 2022
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the

mitmproxy 29.7k Jan 4, 2023
Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

Adam Johnson 76 Nov 30, 2022
CVE-2021-40346 integer overflow enables http smuggling
CVE-2021-40346 integer overflow enables http smuggling

CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021

donky16 34 Nov 15, 2022
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

Ashish Kunwar 33 Sep 23, 2022
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability This is a proof of concept for CVE-2021-31166 ("HTTP Protocol Stack Remote Cod

Axel Souchet 820 Dec 18, 2022
Releases(v9.1)

  • v9.1(Nov 24, 2022)

    Reintroduced PycURL as it is less prone to exceptions and because Python Requests fixed their double header bug.

    Python tool for brute forcing 4xx response status codes. Based on PycURL.

    Source code(tar.gz)
    Source code(zip)
Owner
Ivan Šincek
Offensive security engineer. These are some of the security related codes I wrote in my free time.
Ivan Šincek
GitHub Repository
hackinsta: a program to hack instagram

hackinsta a program to hack instagram Yokoback_(instahack) is the file to open, you need libraries write on import. You run that file in the same fold

1 Dec 04, 2021
Template for new OSINT command-line tools

OSINT cli tool skeleton Template for new OSINT command-line tools. Press button "Use this template" to generate your own tool repository. See INSTALL.

36 Dec 20, 2022
Flutter Reverse Engineering Framework

This framework helps reverse engineer Flutter apps using patched version of Flutter library which is already compiled and ready for app repacking. There are changes made to snapshot deserialization p

PT SWARM 910 Jan 01, 2023
Reusable Lightweight Pythonic Dependency Injection Library

Vacuna Inject everything! Vacuna is a little library to provide dependency management for your python code. Install pip install vacuna Usage import va

Fernando Martínez González 16 Sep 15, 2021
Vulnerability Exploitation Code Collection Repository

Introduction expbox is an exploit code collection repository List CVE-2021-41349 Exchange XSS PoC = Exchange 2013 update 23 = Exchange 2016 update 2

0x0021h 263 Feb 14, 2022
python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 09, 2022
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

CVE-2021-22005-metasploit the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability pr

Taroballz 25 Nov 15, 2022
#whois it? Let's find out!

whois_bot #whois it? Let's find out! Currently in development: a gatekeeper bot for a community (https://t.me/IT_antalya) of 250+ expat IT pros of Ant

Kirill Nikolaev 14 Jun 24, 2022
the metasploit script(POC) about CVE-2021-36260

CVE-2021-36260-metasploit the metasploit script(POC) about CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision produ

Taroballz 14 Nov 09, 2022
automatically crawl every URL and find cross site scripting (XSS)

scancss Fastest tool to find XSS. scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload ge

Md. Nur habib 30 Sep 24, 2022
Attack SQL Server through gopher protocol

Attack SQL Server through gopher protocol

hack2fun 17 Nov 30, 2022
windows电脑查看全部连接过的WiFi密码

python WIFI历史密码查看器 WIFI密码查看器 原理 win+R,输入cmd打开命令行窗口 #这个命令可以列出你所有连接过的wifi netsh wlan show profiles #替换你要查找的WiFi名称,就可以显示出这个wifi的所有信息,包括密码 netsh wlan show

GMYXDS 15 Dec 22, 2022
:closed_lock_with_key: multi factor authentication system (2FA, MFA, OTP Server)

privacyIDEA privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you

1.3k Jan 03, 2023
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Oh365 User Finder Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to ident

Joe Helle 414 Jan 02, 2023
This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

Tobias 5 May 31, 2022
D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

Introduction fork from https://gitlab.com/eshard/d810 What is D-810 D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation

Banny 30 Dec 06, 2022
Patching - Interactive Binary Patching for IDA Pro

Patching - Interactive Binary Patching for IDA Pro Overview Patching assembly code to change the behavior of an existing program is not uncommon in ma

589 Dec 30, 2022
Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

Opensource Project Simple Python Password Generator This repository is just for peoples who want to generate strong-passwords for there social-account

K A R T H I K 15 Dec 01, 2022
Malware-analysis-writeups - Some of my Malware Analysis writeups

About This repo contains some malware analysis writeups i've created over time m

Itay Migdal 14 Jun 22, 2022
A windows post exploitation tool that contains a lot of features for information gathering and more.

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

29 Nov 20, 2022