Bypass 4xx HTTP response status codes.

Related tags

Security related resourcespythonsecuritybypassoffensive-securityethical-hacking403
Overview

Forbidden

Bypass 4xx HTTP response status codes.

To see all the test cases, check the source code - follow the NOTE comments.

Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output.

Extend this script to your liking.

Tested on Kali Linux v2021.4 (64-bit).

Made for educational purposes. I hope it will help!

Future plans:

  • file uploads with HTTP PUT,
  • cross-site tracing (XST),
  • basic authentication.

Table of Contents

How to Run

Open your preferred console from /src/ and run the commands shown below.

Install required packages:

pip3 install -r requirements.txt

Run the script:

python3 forbidden.py

Download a user agent list from here.

Parsed URL Format

To see all the default values used in the script, check the source code - follow the NOTE comments.

{
	"urls": [
		"http://example.com/admin",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ"
	],
	"scheme_domains": [
		"http://example.com",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
	],
	"domains": [
		"example.com",
		"ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
	],
	"paths": [
		"admin",
		"/admin",
		"admin/",
		"/admin/",
		"ᴬᴰᴹᴵᴺ",
		"/ᴬᴰᴹᴵᴺ",
		"ᴬᴰᴹᴵᴺ/",
		"/ᴬᴰᴹᴵᴺ/"
	],
	"all": [
		"http://example.com/admin",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ",
		"http://example.com",
		"http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
		"example.com",
		"ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
		"admin",
		"/admin",
		"admin/",
		"/admin/",
		"ᴬᴰᴹᴵᴺ",
		"/ᴬᴰᴹᴵᴺ",
		"ᴬᴰᴹᴵᴺ/",
		"/ᴬᴰᴹᴵᴺ/"
	]
}

HTTP Headers

Client-IP
Cluster-Client-IP
Connection
Contact
Forwarded
Forwarded-For
Forwarded-For-Ip
From
Host
Origin
Referer
Stuff
True-Client-IP
X-Client-IP
X-Custom-IP-Authorization
X-Forward
X-Forwarded
X-Forwarded-By
X-Forwarded-For
X-Forwarded-For-Original
X-Forwarded-Host
X-Forwarded-Server
X-Forward-For
X-Forwared-Host
X-Host
X-HTTP-Host-Override
X-Original-URL
X-Originating-IP
X-Override-URL
X-ProxyUser-IP
X-Real-IP
X-Remote-Addr
X-Remote-IP
X-Rewrite-URL
X-Wap-Profile
X-Server-IP
X-Target

HTTP Methods

ACL
ARBITRARY
BASELINE-CONTROL
BIND
CHECKIN
CHECKOUT
CONNECT
COPY
DELETE
GET
HEAD
INDEX
LABEL
LINK
LOCK
MERGE
MKACTIVITY
MKCALENDAR
MKCOL
MKREDIRECTREF
MKWORKSPACE
MOVE
OPTIONS
ORDERPATCH
PATCH
POST
PRI
PROPFIND
PROPPATCH
PUT
REBIND
REPORT
SEARCH
SHOWMETHOD
SPACEJUMP
TEXTSEARCH
TRACE
TRACK
UNBIND
UNCHECKOUT
UNLINK
UNLOCK
UPDATE
UPDATEREDIRECTREF
VERSION-CONTROL

URL Paths

/
//
/%2e
/%2e/
/.
/./
/..
/../
/;
/;/
/.;
/.;/
/..;
/..;/
%20
%20/
%09
%09/
;foo=bar;
/;foo=bar;
;foo=bar;/
/;foo=bar;/
~
~~
/~randomstring
#
##
/#randomstring
?
??
/?randomstring
/*
/**
/*randomstring
.jsp
.jspa
.jspx
.jhtml
.html
.sht
.shtml
.xhtml
.php
.asp
.aspx
.esp

Results Format

[
	{
		"id": 9,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: localhost"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 49,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: localhost:80"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost:80' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 169,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: 127.0.0.1"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	},
	{
		"id": 209,
		"url": "https://example.com/admin",
		"method": "GET",
		"headers": [
			"Host: 127.0.0.1:80"
		],
		"agent": null,
		"command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1:80' -X 'GET' 'https://example.com/admin'",
		"code": "302",
		"length": "142"
	}
]

Images

Help

Figure 1 - Help

You might also like...
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE
CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */

M4rtin Hsu 81 Dec 12, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

Pushpender Singh 9 Dec 12, 2022
HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Google Cloud Platform 854 Dec 30, 2022
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the

mitmproxy 29.7k Jan 4, 2023
Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

Adam Johnson 76 Nov 30, 2022
CVE-2021-40346 integer overflow enables http smuggling
CVE-2021-40346 integer overflow enables http smuggling

CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021

donky16 34 Nov 15, 2022
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

Ashish Kunwar 33 Sep 23, 2022
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability This is a proof of concept for CVE-2021-31166 ("HTTP Protocol Stack Remote Cod

Axel Souchet 820 Dec 18, 2022
Releases(v9.1)

  • v9.1(Nov 24, 2022)

    Reintroduced PycURL as it is less prone to exceptions and because Python Requests fixed their double header bug.

    Python tool for brute forcing 4xx response status codes. Based on PycURL.

    Source code(tar.gz)
    Source code(zip)
Owner
Ivan Šincek
Offensive security engineer. These are some of the security related codes I wrote in my free time.
Ivan Šincek
GitHub Repository
Security System using OpenCV

Security-System Security System using OpenCV Files in this Repository: email_send.py - This file contains python code to send an email when something

Mehul Patwari 1 Oct 28, 2021
CVE-2021-45232-RCE-多线程批量漏洞检测

CVE-2021-45232-RCE CVE-2021-45232-RCE-多线程批量漏洞检测 FOFA 查询 title="Apache APISIX Das

孤桜懶契 36 Sep 21, 2022
Patching - Interactive Binary Patching for IDA Pro

Patching - Interactive Binary Patching for IDA Pro Overview Patching assembly code to change the behavior of an existing program is not uncommon in ma

589 Dec 30, 2022
Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

ru55o 2 Oct 31, 2022
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability. Features Dump a single file w

Podalirius 48 Dec 03, 2022
Salesforce Recon and Exploitation Toolkit

Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/

81 Dec 23, 2022
A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa

Finn Lancaster 20 Nov 12, 2022
这次是可可萝病毒!

可可萝病毒! 事情是这样的,我又开始不干正事了。 众所周知,在Python里,0x0等于0,但是不等于可可萝。 这很不好,我们得把它改成可可萝! 效果 一般的Python—— Python 3.8.0 (tags/v3.8.0:fa919fd, Oct 14 2019, 19:37:50) [MSC

黄巍 29 Jul 14, 2022
A simple python code for hacking profile views

This code for hacking profile views. Not recommended to adding profile views in profile. This code is not illegal code. This code is for beginners.

Fayas Noushad 3 Nov 28, 2021
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 08, 2022
A kAFL based hypervisor fuzzer which fully supports nested VMs

hAFL2 hAFL2 is a kAFL-based hypervisor fuzzer. It is the first open-source fuzzer which is able to target hypervisors natively (including Hyper-V), as

SafeBreach Labs 115 Dec 07, 2022
A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Automator-Terminator A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers (PLCs) w

25 Oct 10, 2022
NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

NoSecerets NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat How does it work? Instead of taking

DosentTrust GithubDatabase 9 Jul 04, 2022
Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

Finn Lancaster 3 Oct 05, 2022
🏃 Python Solutions of All Problems in FHC 2021 (In Progress)

FacebookHackerCup-2021 Python solutions of Facebook Hacker Cup 2021. Solution begins with * means it will get TLE in the largest data set (total compu

kamyu 14 Oct 15, 2022
Automated tool to exploit basic buffer overflow remotely and locally & x32 and x64

Automated tool to exploit basic buffer overflow (remotely or locally) & (x32 or x64)

5 Oct 09, 2022
A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE 🍺 , use it commercial

c3rb3ru5 103 Dec 18, 2022
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

Oliver Lyak 140 Dec 27, 2022
Linus-png.github.io - Versionsverwaltung & Open Source Hausaufgabe

Let's Git - Versionsverwaltung & Open Source Hausaufgabe Herzlich Willkommen zu

1 Jan 24, 2022
GitGuardian Shield: protect your secrets with GitGuardian

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

GitGuardian 1.2k Dec 27, 2022