Search the Community

Bypass 4xx HTTP response status codes and more. Based on PycURL. Script uses multithreading and is based on brute forcing, so it might have some false positive results. Script has colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To manually filter out false positive results, for each unique content length, run the provided cURL command and check the response. If it does not result in bypass, just ignore all the results with the same content length. v9.4 Bug fixes and slight improvements. Python tool for brute forcing 4xx response status codes. Based on PycURL. [hide][Hidden Content]]

x13 Paramount+ | Subcription = NEW_FREE_PACKAGE | Status = ACTIVE [Hidden Content]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v9.1 Reintroduced PycURL as it is less prone to exceptions and because Python Requests fixed their double header bug. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes and more. Script uses multithreading and is based on brute forcing, so it might have some false positive results. Script has colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To manually filter out false positive results, for each unique content length, run the provided cURL command and check the response. If it does not result in bypass, just ignore all the results with the same content length. v8.4 Latest Package install. Removed PycURL as it was redundant, Python Requests does the same job. Python tool for brute forcing 4xx response status code [hide][Hidden Content]]

What does HTTP Response Status Code Says? List Of Most Commonly Shown Status Code Along With Their Saying 100 : Continue 101 : Switching Protocol 102: Processing (WebDAV) 103 : Early Hints 200: OK 201 : Created 202 : Accepted 203 : Non-Authoritative Information 204 : No Content 205 : Reset Content 206 : Partial Content 207 : Multi-Status (WebDAV) 208 : Already Reported (WebDAV) 226 : IM Used (HTTP Delta encoding) 300 : Multiple Choice 301 : Moved Permanently 302 : Found 303 : See Other 304 : Not Modified 305 : Use Proxy 306 : unused 307 : Temporary Redirect 308 : Permanent Redirect 400 : Bad Request 401 : Unauthorized 402 : Payment Required . 403 : Forbidden 404 : Not Found 405 : Method Not Allowed 406 : Not Acceptable 407 : Proxy Authentication Required 408 : Request Timeout 409 : Conflict 410 : Gone 411 : Length Required 412 : Precondition Failed 413 : Payload Too Large 414 : URI Too Long 415 : Unsupported Media Type 416 : Range Not Satisfiable 417 : Expectation Failed 418 : I'm a teapot 421 : Misdirected Request 422 : Unprocessable Entity (WebDAV) 423 : Locked (WebDAV) 424 : Failed Dependency (WebDAV) 425 : Too Early 426 : Upgrade Required 428 : Precondition Required 429 : Too Many Requests 431 : Request Header Fields Too Large 451 : Unavailable For Legal Reasons 500 : Internal Server Error 501 : Not Implemented 502 : Bad Gateway 503 : Service Unavailable 504 : Gateway Timeout 505 : HTTP Version Not Supported 506 : Variant Also Negotiates 507 : Insufficient Storage (WebDAV) 508 : Loop Detected (WebDAV) 510 : Not Extended 511 : Network Authentication Required HTTP Response Status Codes Indicates Whether A Specific HTTP Request Has Been Successfully Completed ==============================

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v7.8 Default number of parallel threads fix, added base domain IPs, and some other optimizations. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v7.5 Added stats at finish. Lots of bug fixes, improvements, and new tests added. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v6.3 Fixed some issues in URL encoding bypasses and added new ones, and added more HTTP header and URL path bypasses. Added option to filter false-positive results by content length. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.8 Added port overrides, and added more HTTP request headers. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.7 Heavy refactoring of encoding option, and some tweaks. Added some new ideas in “to do” list. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.4 Description/text updates. Added scheme-override bypass. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.3 Added scheme-override bypass. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.2 Few minor fixes. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.1 Comma-separated values can now be used to specify tests. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.0 Added proxy option, and did some small tweaks. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v4.3 Regular expression fix. Content length fixes for cURL on Windows. Code rebase lots of fixes and broken URL parser testing. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with 'Content-Length: 0' header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two 'Host' headers, various URL path injections, basic authentication/authorization including null session. [hide][Hidden Content]]

Combos type: User:pass Proxy: HTTP/ Sock4 [Hidden Content]