Search the Community

Showing results for tags 'http'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin
  • Null3D's Nulled Group

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 70 results

  1. Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v7.8 Default number of parallel threads fix, added base domain IPs, and some other optimizations. [hide][Hidden Content]]
  2. Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v7.5 Added stats at finish. Lots of bug fixes, improvements, and new tests added. [hide][Hidden Content]]
  3. Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v6.3 Fixed some issues in URL encoding bypasses and added new ones, and added more HTTP header and URL path bypasses. Added option to filter false-positive results by content length. [hide][Hidden Content]]
  4. Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.8 Added port overrides, and added more HTTP request headers. [hide][Hidden Content]]
  5. itsMe

    HTTP Debugger Pro 9.12

    Debug HTTP API calls to a back-end and between back-ends Easy to use, clean UI, and short ramp-up time Not a proxy, no network issues! Not a proxy, no network issues! Doesn't change the browser's configuration for the proxy. Can display proxy-connected traffic. [Hidden Content] [hide][Hidden Content]]
  6. itsMe

    HTTP Debugger Pro 9.11

    Debug HTTP API calls to a back-end and between back-ends Easy to use, clean UI, and short ramp-up time Not a proxy, no network issues! Not a proxy, no network issues! Doesn't change the browser's configuration for the proxy. Can display proxy-connected traffic. [Hidden Content] [hide][Hidden Content]]
  7. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle (MITM) HTTP/1.1 proxy with logs Project-based database storage (SQLite) Scope support Headless management API using GraphQL Embedded web interface (Next.js) Changelog v0.6 This release has two improvements that should make Hetty easier to work with: bef52d9 Add support to launch Chrome – Check this guide for details. ad26478 Add certificate management subcommands – Check this doc for details. Changelog 6aa93b7 Add “Copy to Sender” button in reqlog table 7afc23b Add Homebrew tap to GoReleaser config ad26478 Add certificate management subcommands 2ddf2a7 Add logger bef52d9 Add support to launch Chrome d438f93 Fix incorrect var names 8269af9 Fix missing HTTP/1.0 proto enums af26987 Fix sort order of request logs f15438e Fix stray outdated enum values 857aa0c Misc lint fixes fa3f24e Move gql handler out of main, improve admin route matching ed9a539 Remove stray console.log calls c5f76e1 Remove unused project open/close event listeners 29550ff Update README ca0c085 Use ffcli, tidy up usage message [hide][Hidden Content]]
  8. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle (MITM) HTTP/1.1 proxy with logs Project-based database storage (SQLite) Scope support Headless management API using GraphQL Embedded web interface (Next.js) Changelog v0.5.1 d2858a2 Fix input fields for key-value pair tables losing focus [hide][Hidden Content]]
  9. Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability. [hide][Hidden Content]]
  10. Features 17 HTTP headers. Multithreading. JSON export with --json outputfile.json. Auto-detecting most successfull bypasses. [hide][Hidden Content]]
  11. Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.7 Heavy refactoring of encoding option, and some tweaks. Added some new ideas in “to do” list. [hide][Hidden Content]]
  12. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.4 Description/text updates. Added scheme-override bypass. [hide][Hidden Content]]
  13. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.3 Added scheme-override bypass. [hide][Hidden Content]]
  14. httpx httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. Simple and modular codebase making it easy to contribute. Fast And fully configurable flags to probe multiple elements. Supports vhost, urls, ports, title, content-length, status-code, response-body probbing. Smart auto fallback from https to http as default. Supports hosts, URLs, and CIDR as input. Handles edge cases doing retries, backoffs, etc for handling WAFs. Changelog v1.1.4 Added probe-all-ips support to probe all the ips associated with same host by @zerodivisi0n in #427 Added Request dump support with debug/debug-req/debug-resp flag by @zerodivisi0n in #425 Added Functional tests by @LuitelSamikshya in #436 Added max recursion level for self-dos on recursive load function by @Mzack9999 in #420 Fixed bug using path flag in stream mode by @Mzack9999 in #415 Fixed follow-host-redirects option when customizing the host request header by @z0neGit in #418 Fixed bug with title flag producing new lines in output by @LuitelSamikshya in #448 [hide][Hidden Content]]
  15. http2smugl This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. [hide][Hidden Content]]
  16. Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.2 Few minor fixes. [hide][Hidden Content]]
  17. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.1 Comma-separated values can now be used to specify tests. [hide][Hidden Content]]
  18. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.0 Added proxy option, and did some small tweaks. [hide][Hidden Content]]
  19. HTTPUploadExfil HTTPUploadExfil is a (very) simple HTTP server written in Go that’s useful for getting files (and other information) off a machine using HTTP. While there are many use-cases, it’s meant to be used in low-stakes offensive scenarios (e.g., CTFs). Think of this as python3 -m http.server but for getting data off a machine instead of on the machine. Obviously, this is a very loud and somewhat restricted way of exfiltrating data. Nevertheless, it’s quite handy and somewhat easier than, for example, using SMB or FTP. If you are looking for something more elegant, have a look at, for example, dnsteal or PyExfil. [hide][Hidden Content]]
  20. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v4.3 Regular expression fix. Content length fixes for cURL on Windows. Code rebase lots of fixes and broken URL parser testing. [hide][Hidden Content]]
  21. Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with 'Content-Length: 0' header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two 'Host' headers, various URL path injections, basic authentication/authorization including null session. [hide][Hidden Content]]
  22. HTTPUploadExfil HTTPUploadExfil is a (very) simple HTTP server written in Go that’s useful for getting files (and other information) off a machine using HTTP. While there are many use-cases, it’s meant to be used in low-stakes offensive scenarios (e.g., CTFs). Think of this as python3 -m http.server but for getting data off a machine instead of on the machine. Obviously, this is a very loud and somewhat restricted way of exfiltrating data. Nevertheless, it’s quite handy and somewhat easier than, for example, using SMB or FTP. If you are looking for something more elegant, have a look at, for example, dnsteal or PyExfil. [hide][Hidden Content]]
  23. itsMe

    CosaNostra v1.2 HTTP BotNet

    --------------------[ Features ]-------------------- Keylogger Clipper Screenshot Stealer Files (Photos , Docs , TXT) Download and Execute (Loader) Get information Device [PC Name , Operating System , Firewall , Memory (RAM) , Anti Virus , Processor ] Get location and address Clear Cookies and Session from 20 Browsers like [ Google Chrome , Mozilla Firefox , Opera , Yandex etc...] Anti-Sandbox like [ wireshark , Process Hacker , TCPVIEW , virtualBox , sandboxie etc... ] ----------------[ WebPanel Features ]---------------- # dynamic Pages # Responsive pages [You can use it from a phone] # Home page you can see all bots and counters like [Total Bots , Keylogger Reports , Screenshot ] and info like [HWID , Country IP , Stat ( online or offline), Last Seen ] # Settings Page from this page You can set a convenient time for you. You can also activate the file stealing a feature from the victim device # Tasks Page you can add task Download and Execute or delete tasks # User Page you can Change User information [Hidden Content] Server Scan [Hidden Content]
  24. itsMe

    HTTP Debugger Pro 9.11

    Debug HTTP API calls to a back-end and between back-ends Easy to use, clean UI, and short ramp-up time Not a proxy, no network issues! v9.11 - Feb 8, 2021 Improvements Improved support for Client Certificates. Other Changes Fixed an issue with selecting a request from the Submitter. Fixed an issue with auto-scrolling the grid to the selected line. Fixed an issue with Out Of Memory. [Hidden Content] [hide][Hidden Content]]
  25. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle (MITM) HTTP/1.1 proxy with logs Project based database storage (SQLite) Scope support Headless management API using GraphQL Embedded web interface (Next.js) [hide][Hidden Content]]