Forbidden – Bypass 4xx HTTP Response Status Code

Forbidden - Bypass 4xx HTTP Response Status Code


Tool to bypass 4xx HTTP response status code. For example bypass 403 forbidden on website. I hope this tool can help you to bypass some Web Application Security while pentesting.

Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output.

Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending.

To filter out false positives, check each content length manually with the provided cURL command. If it does not results in bypass, just ignore all other results with the same content length.

Various HTTP methodsmethod
Various HTTP methods with ‘Content-Length: 0’ headermethod
Cross-site tracing (XST) with HTTP TRACE and TRACK methodsmethod
File upload with HTTP PUT methodmethod
Various HTTP method overridesmethod-override
Various HTTP headersheader
Various URL overridesheader
URL override with two ‘Host’ headersheader
Various URL path bypassespath
Various URL scheme overridesscheme-override
Basic authentication/authorization including null sessionauth
Broken URL parsersparser

Tested on Kali Linux v2021.4 (64-bit).

Installation and Run

Open your preferred console from /src/ and run the commands shown below.

Install required tools:

apt-get install -y curl

Install required packages:

pip3 install -r requirements.txt

Run the script:


Be aware of rate limiting. Give it some time before you run the script again for the same domain in order to get better results.

Some websites require a user agent header. Download a user agent list from here.


Bypass 403 Forbidden HTTP response status code:

count=0; for subdomain in $(cat subdomains_403.txt); do count=$((count+1)); echo “#${count} | ${subdomain}”; python3 -u “${subdomain}” -t method,method-override,header,path,scheme-override -f GET -o “forbidden_403_results_${count}.json”; done

Bypass 401 Unauthorized HTTP response status code:

count=0; for subdomain in $(cat subdomains_401.txt); do count=$((count+1)); echo “#${count} | ${subdomain}”; python3 -u “${subdomain}” -t auth -f GET -o “forbidden_401_results_${count}.json”; done

Broken URL parser check:

count=0; for subdomain in $(cat subdomains_live_long.txt); do count=$((count+1)); echo “#${count} | ${subdomain}”; python3 -u “${subdomain}” -t parser -f GET -o “forbidden_parser_results_${count}.json”; done

This tool is made for educational purposes. I hope it will help!

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + eighteen =