Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lobuhi/byp4xx

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
https://github.com/lobuhi/byp4xx

Last synced: 5 days ago
JSON representation

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

Host: GitHub
URL: https://github.com/lobuhi/byp4xx
Owner: lobuhi
Created: 2020-11-20T08:22:58.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2023-07-03T14:40:54.000Z (over 1 year ago)
Last Synced: 2024-11-21T04:51:59.550Z (21 days ago)
Language: Go
Homepage:
Size: 2.46 MB
Stars: 1,637
Watchers: 33
Forks: 282
Open Issues: 6
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - lobuhi/byp4xx - 40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials... (Go)

README

```
__ __ __
/ /_ __ ______ / // / _ ___ __
/ __ \/ / / / __ \/ // /_| |/_/ |/_/
/ /_/ / /_/ / /_/ /__ __/> <_> <
/_.___/\__, / .___/ /_/ /_/|_/_/|_|
/____/_/
```
40X bypasser in Go. Methods from #bugbountytips, headers, verb tampering, user agents and more.

**Usage:**
```
byp4xx

Some cURL options you may use as example:
-L follow redirections (30X responses)
-x : to set a proxy
-m to set a timeout
-H for new headers. Escape double quotes.
-d for data in the POST requests body
-...

Built-in options:
--all Verbose mode (by default only 2xx and 3xx codes will be prompted)
-t or --thread Set the maximum threads. Rate limit disabled when threads are enabled. Use carefully.
--rate Set the maximum reqs/sec. Only one thread enforced, for low rate limits. (5 reqs/sec by default)
-xV Exclude verb tampering
-xH Exclude headers
-xUA Exclude User-Agents
-xX Exclude extensions
-xD Exclude default creds
-xS Exclude CaSe SeNsiTiVe
-xM Exclude middle paths
-xE Exclude end paths
-xB Exclude #bugbountytips
```
**Examples:**

Regular usage:
```
byp4xx http://localhost/test
```

Avoid default creds if the response is not 401:
```
byp4xx -xD http://localhost/test
```

Avoid end paths and extensions if the url ends with /:
```
byp4xx -xE -xX http://localhost/test
```

Set 2 seconds timeout, follow redirections and use proxy
```
byp4xx -m 2 -L -x 127.0.0.1:8080 http://localhost/test
```

Custom headers, you should escape double quotes:
```
byp4xx -H \"Authorization: Bearer \" http://localhost/test
```

**Features:**
- Multiple HTTP verbs/methods
- Multiple methods mentioned in #bugbountytips
- Multiple headers: Referer, X-Custom-IP-Authorization...
- Accepts any cURL option
- Based on Seclist
- UserAgents
- Extensions
- Default credentials

**[Buy me a coffee... or a pizza! Stay cool! ^_^](https://buymeacoffee.com/lobuhi)**