Home

Awesome

    __                __ __           
   / /_  __  ______  / // / _  ___  __
  / __ \/ / / / __ \/ // /_| |/_/ |/_/
 / /_/ / /_/ / /_/ /__  __/>  <_>  <  
/_.___/\__, / .___/  /_/ /_/|_/_/|_|  
      /____/_/                        

40X bypasser in Go. Methods from #bugbountytips, headers, verb tampering, user agents and more.

Usage:

byp4xx <cURL or byp4xx options> <URL or file>

Some cURL options you may use as example:
  -L follow redirections (30X responses)
  -x <ip>:<port> to set a proxy
  -m <seconds> to set a timeout
  -H for new headers. Escape double quotes.
  -d for data in the POST requests body
  -...
  
 Built-in options:
  --all Verbose mode (by default only 2xx and 3xx codes will be prompted)
  -t or --thread Set the maximum threads. Rate limit disabled when threads are enabled. Use carefully.
  --rate Set the maximum reqs/sec. Only one thread enforced, for low rate limits. (5 reqs/sec by default)
  -xV Exclude verb tampering
  -xH Exclude headers
  -xUA Exclude User-Agents
  -xX Exclude extensions
  -xD Exclude default creds
  -xS Exclude CaSe SeNsiTiVe
  -xM Exclude middle paths
  -xE Exclude end paths
  -xB Exclude #bugbountytips

Examples:

Regular usage:

byp4xx http://localhost/test

Avoid default creds if the response is not 401:

byp4xx -xD http://localhost/test

Avoid end paths and extensions if the url ends with /:

byp4xx -xE -xX http://localhost/test

Set 2 seconds timeout, follow redirections and use proxy

byp4xx -m 2 -L -x 127.0.0.1:8080 http://localhost/test

Custom headers, you should escape double quotes:

byp4xx -H \"Authorization: Bearer <JWT>\" http://localhost/test

Features:

Buy me a coffee... or a pizza! Stay cool! ^_^