Search the Community

Showing results for tags 'http'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin
  • Null3D's Nulled Group

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 58 results

  1. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.3 Added scheme-override bypass. [hide][Hidden Content]]
  2. httpx httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. Simple and modular codebase making it easy to contribute. Fast And fully configurable flags to probe multiple elements. Supports vhost, urls, ports, title, content-length, status-code, response-body probbing. Smart auto fallback from https to http as default. Supports hosts, URLs, and CIDR as input. Handles edge cases doing retries, backoffs, etc for handling WAFs. Changelog v1.1.4 Added probe-all-ips support to probe all the ips associated with same host by @zerodivisi0n in #427 Added Request dump support with debug/debug-req/debug-resp flag by @zerodivisi0n in #425 Added Functional tests by @LuitelSamikshya in #436 Added max recursion level for self-dos on recursive load function by @Mzack9999 in #420 Fixed bug using path flag in stream mode by @Mzack9999 in #415 Fixed follow-host-redirects option when customizing the host request header by @z0neGit in #418 Fixed bug with title flag producing new lines in output by @LuitelSamikshya in #448 [hide][Hidden Content]]
  3. http2smugl This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. [hide][Hidden Content]]
  4. Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.2 Few minor fixes. [hide][Hidden Content]]
  5. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.1 Comma-separated values can now be used to specify tests. [hide][Hidden Content]]
  6. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.0 Added proxy option, and did some small tweaks. [hide][Hidden Content]]
  7. HTTPUploadExfil HTTPUploadExfil is a (very) simple HTTP server written in Go that’s useful for getting files (and other information) off a machine using HTTP. While there are many use-cases, it’s meant to be used in low-stakes offensive scenarios (e.g., CTFs). Think of this as python3 -m http.server but for getting data off a machine instead of on the machine. Obviously, this is a very loud and somewhat restricted way of exfiltrating data. Nevertheless, it’s quite handy and somewhat easier than, for example, using SMB or FTP. If you are looking for something more elegant, have a look at, for example, dnsteal or PyExfil. [hide][Hidden Content]]
  8. Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v4.3 Regular expression fix. Content length fixes for cURL on Windows. Code rebase lots of fixes and broken URL parser testing. [hide][Hidden Content]]
  9. Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with 'Content-Length: 0' header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two 'Host' headers, various URL path injections, basic authentication/authorization including null session. [hide][Hidden Content]]
  10. HTTPUploadExfil HTTPUploadExfil is a (very) simple HTTP server written in Go that’s useful for getting files (and other information) off a machine using HTTP. While there are many use-cases, it’s meant to be used in low-stakes offensive scenarios (e.g., CTFs). Think of this as python3 -m http.server but for getting data off a machine instead of on the machine. Obviously, this is a very loud and somewhat restricted way of exfiltrating data. Nevertheless, it’s quite handy and somewhat easier than, for example, using SMB or FTP. If you are looking for something more elegant, have a look at, for example, dnsteal or PyExfil. [hide][Hidden Content]]
  11. itsMe

    CosaNostra v1.2 HTTP BotNet

    --------------------[ Features ]-------------------- Keylogger Clipper Screenshot Stealer Files (Photos , Docs , TXT) Download and Execute (Loader) Get information Device [PC Name , Operating System , Firewall , Memory (RAM) , Anti Virus , Processor ] Get location and address Clear Cookies and Session from 20 Browsers like [ Google Chrome , Mozilla Firefox , Opera , Yandex etc...] Anti-Sandbox like [ wireshark , Process Hacker , TCPVIEW , virtualBox , sandboxie etc... ] ----------------[ WebPanel Features ]---------------- # dynamic Pages # Responsive pages [You can use it from a phone] # Home page you can see all bots and counters like [Total Bots , Keylogger Reports , Screenshot ] and info like [HWID , Country IP , Stat ( online or offline), Last Seen ] # Settings Page from this page You can set a convenient time for you. You can also activate the file stealing a feature from the victim device # Tasks Page you can add task Download and Execute or delete tasks # User Page you can Change User information [Hidden Content] Server Scan [Hidden Content]
  12. itsMe

    HTTP Debugger Pro 9.11

    Debug HTTP API calls to a back-end and between back-ends Easy to use, clean UI, and short ramp-up time Not a proxy, no network issues! v9.11 - Feb 8, 2021 Improvements Improved support for Client Certificates. Other Changes Fixed an issue with selecting a request from the Submitter. Fixed an issue with auto-scrolling the grid to the selected line. Fixed an issue with Out Of Memory. [Hidden Content] [hide][Hidden Content]]
  13. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle (MITM) HTTP/1.1 proxy with logs Project based database storage (SQLite) Scope support Headless management API using GraphQL Embedded web interface (Next.js) [hide][Hidden Content]]
  14. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features/to do HTTP man-in-the-middle (MITM) proxy and GraphQL server. Web interface (Next.js) with proxy log viewer. Add scope support to the proxy. Full-text search (with regex) in the proxy log viewer. Project management. Sender module for sending manual HTTP requests, either from scratch or based off requests from the proxy log. Attacker module for automated sending of HTTP requests. Leverage the concurrency features of Go and its net/http package to make it blazingly fast. Changelog v0.2.1 6931d63 Remove GitHub workflows 71e87d3 Remove modd.conf 81fbfe4 Tidy up .gitignore f6789fa Tidy up manual build process 0ffbb61 Update README c01f190 Use Go instead of C for regexp sqlite func [hide][Hidden Content]]
  15. Tool to scan for secret files on HTTP servers. snallygaster is a tool that looks for files accessible on web servers that shouldn’t be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. Changelog v0.0.9 Fix problems with dnspython 2.x, see #54. Add .orig extension to backupfiles test. Add new tests for wordpress debug.log files and url-encoded HTTP header. Minor bugfixes. [hide][Hidden Content]]
  16. httpx httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. Features Simple and modular codebase making it easy to contribute. Fast And fully configurable flags to probe multiple elements. Supports vhost, urls, ports, title, content-length, status-code, response-body probbing. Smart auto fallback from https to http as default. Supports hosts, URLs, and CIDR as input. Handles edge cases doing retries, backoffs, etc for handling WAFs. Changelog v0.0.8 0e18ab4 content-type fix with no color [hide][Hidden Content]]
  17. snallygaster Tool to scan for secret files on HTTP servers. snallygaster is a tool that looks for files accessible on web servers that shouldn’t be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. [hide][Hidden Content]]
  18. httpx httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. Features Simple and modular codebase making it easy to contribute. Fast And fully configurable flags to probe multiple elements. Supports vhost, urls, ports, title, content-length, status-code, response-body probbing. Smart auto fallback from https to http as default. Supports hosts, URLs, and CIDR as input. Handles edge cases doing retries, backoffs, etc for handling WAFs. Changelog v0.0.4 2842f9c Added asn2cidr helper script [HIDE][Hidden Content]]
  19. dEEpEst

    Parasite HTTP botnet + all plugins

    Parasite HTTP botnet + all plugins Parasite HTTP is a professionally coded modular remote administration tool for windows written in C that has no dependencies except the OS itself. With ~ 49kb stub size and plug-in support, this is an ideal solution for managing a large number of computers from a remote location. First of all, the password stealer is extremely advanced. At the same time, it can be used for any of your password recovery. Plugins: User Management Browser Password Password Browser FTP Password IM Password Theft Email Password Stealer Windows License Key Hidden VNC Reverse Proxy Socks5 Features: No dependencies (encoded in C) Small stub size (~ 49 KB without compression, ~ 23 KB) Dynamic API calls (without IAT) Encrypted strings Bypass hooks Ring3 C&C safe panel written in PHP Firewall bypass Supports both x86, so and x64 Windows OS (from XP to 10) Full Unicode support Online builder tied to your domain / houses (Build a bot at any time with any settings) EN: Parasite HTTP Botnet + All Plugins Parasite HTTP is a professionally coded modular remote administration tool for windows written in C that has no dependencies except the OS itself. With the stub size of ~ 49kb and plugin support it presents perfect solution for controlling large amount of computers from a remote location. Above all, the password stealer is extremely advanced. That being said, it can be used for any of your password recovery uses. Plugins: User management Browser password stealer FTP password steaker IM password stealer Email password stealer Windows license keys stealer Hidden VNC Reverse Socks5 proxy Features: No dependencies (Coded in C) Small stub size (~ 49kb uncompressed, ~ 23kb compressed) Dynamic API calls ( No IAT) Encrypted strings Bypass Ring3 hooks Secure C&C panel written in PHP Firewall bypass Supports both x86 and x64 Windows OS (from XP to 10) Full unicode support Online builder tied to your domain / s (Build bot bin anytime with any settings you wish) Download: [HIDE][Hidden Content]] Password: level23hacktools.com
  20. snallygaster Tool to scan for secret files on HTTP servers what? snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. As an introduction to these kinds of issues you may want to watch this talk: Attacking with HTTP Requests See the TESTS.md file for an overview of all tests and links to further information about the issues. [HIDE][Hidden Content]]
  21. Dear, Our infrastructure is unique, battle-tested, and carefully monitored by supervisors 24/7. There is no other proxy provider even close to operating at the same level and standards that we do. FULLY ANONYMOUS All our proxies are carefully set and monitored to ensure they are 100% anonymous and without any sort of IP or DNS leaks. MULTIPLE DATACENTERS We're offering more than 100 locations for our proxies, and we continuously refresh our list to add more locations from all over the world. INSTANT ACTIVATION Your proxies are activated instantly once your payment enters our system, and we stand behind this word, which is not just for marketing. HIGH-SPEED CONNECTIONS All our servers are attached to 1Gbps and 10Gbps connections, and we regularly update our networking stacks to maintain a top position in terms of speed. Our prices have always been competitive, and we plan on keeping them that way. On top of that, we still have discounts based on quantity or billing period, so make sure you play with our pricing calculator below to estimate your expenses. List of Datacenters: Our Prices: Per one Month Shared Proxy: $1.00 Private Proxy: $6.99 Shared Socks: $1.50 Private Sock: $8.99 Residential Proxy: $13.89 Residential Socks: $17.98 Restrictions: When using our services, the following restrictions apply Support: Remember, we don't have any Telegram, Skype ... Be careful all are fake In this forum: New topic or send a message Email: [email protected] Live Chat 10% OFF - ONLY level23 [Hidden Content] Anonymous HTTP & SOCKSv5 Proxies - LuxProxy.com
  22. itsMe

    HTTP Debugger v9.10

    HTTP Debugger v9.10 HTTP Debugger Changes Debug HTTP API calls to a back-end and between back-ends Easy to use, clean UI, and short ramp-up time Not a proxy, no network issues! v9.10 - Mar 3, 2020 Other Changes Fixed compatibility issues with antivirus software. [Hidden Content] [HIDE][Hidden Content]]
  23. snallygaster Tool to scan for secret files on HTTP servers what? snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition it contains a few checks for other security vulnerabilities. As an introduction to these kinds of issues you may want to watch this talk: Attacking with HTTP Requests See the TESTS.md file for an overview of all tests and links to further information about the issues. [HIDE][Hidden Content]]
  24. dEEpEst

    UBoat HTTP Botnet

    Features Coded in C++ with no dependencies Encrypted C&C Communications Persistence to prevent your control being lost Connection Redundancy (Uses a fallback server address or domain ) DDoS methods (TCP & UDP Flood) Task Creation System ( Altering system HWID,Country,IP,OS.System ) Remote Commands Update and Uninstall other malware Download and Execute other malware Active as well as Passive Keylogger Enable Windows RDP Plugin system for easy feature updates Panel Setup Tutorial: [HIDE][Hidden Content]] Bot Compilation: [HIDE][Hidden Content]] Download: [HIDE][Hidden Content]]
  25. itsMe

    HTTP Debugger Pro 9.9

    HTTP Debugger v9.9 HTTP Debugger Changes [Hidden Content] Debug HTTP API calls to a back-end and between back-ends Easy to use, clean UI, and short ramp-up time Not a proxy, no network issues! [Hidden Content] [HIDE][Hidden Content]]