Go Back   Xisp.org Forums > Porn Password Cracking > Cracking Tutorials

What are those damn error codes

Reply
Views: 1128 - Replies: 0  
Thread Tools Display Modes

Proxy error codes
Old 02-23-2007, 04:27 PM   #1
tpstdd
Moderator
 
tpstdd's Avatar
 
tpstdd is offline Offline
Join Date: Jan 2005
Posts: 1,308
Threads: 231
tpstdd is on a distinguished road
Default Proxy error codes

I'm always seeing peeps complaining about 4xx responses and how they can be avoided. The simple answer is that they can't be eliminated but these undesired http response codes can be reduced. The reality is http responses including headers from server side scripts, can easily be programed as a php script that would spew 403 errors or any other error codes. The first step (which in my opinion is the most important step) is to TEST YOUR PROXIES AGAINST THE SITE that you are trying to bruteforce with keywords!!. If you don't know how to do this, stop reading right now and go learn.

Once you have detemind that all your proxies are able to send and receive an http data stream back from the Web server. this data stream contains status codes whose values are determined by the HTTP protocol. So what do all these codes mean and why are you getting them? To start off, all valid hits will generate either a 2xx (successful server response) or 3xx (re-direct response) reply. Some fakes will generate these response codes as well so that is why failure/success keywords are important when brute forcing. Now to the 4xx error codes.

401 Unauthorized - HTTP data stream sent by your bf tool was correct, but access to the URL resource requires user authentication which has not yet been provided or has been provided but failed authorization tests. This is commonly known as "HTTP Basic Authentication". The actual authentication request expected from the client is defined in the HTTP protocol as the WWW-Authenticate header field. This is good!!! You know everything is working and your bf session is working. (assuming you have tested the proxies against the site first, right?)

403 Forbidden - HTTP data stream sent by your bf tool was correct, but for some reason access to the URL resource has been denied. This could be a result of the proxy/ip being banned or the username/password not correct/expired. If many 403's start occuring during a bf session, re-test those proxies against the site again. Some sites will ban ip's after several repeated attempts, that's why we test with only a few bots. If proxies that yield a 403 responses when bruteforcing, still yield 200 or 401 response when testing against the site, the proxies are still good!!

404 Not Found - This reply can simply be a custom 404 error handler by the site you are trying to brute force. AD will spew 404 responses more then other bf tools as a way saying that the pass did not work. If you get a lot of 404's, re-test your proxies against the site and try using a different bf tool other then AD for that particular site.

405 Method not allowed - Generally, you use three motheds to connect to a server when bruteforcing; HEAD, GET (pop-up authentication) and POST (Forms). There are more http connect methods but not relavent to what we are doing. If any of these particular connect identifiers are not allowed by the server, you will get a 405 response. You should not get 405 responses if you are using good proxies to brute force pop-up authentication log-ins unless the server does not accept Get method although this is unlikley. One can always try HEAD to connect to see if it generates the same 405 response. 405 responses with forms is more common. Eventhough you tested your proxies against the site, you may still not be able to use certain proxies because they do not accept POST requests. All this can be set up by the site admin via htaccess as part of the site security.

Hopefully this information will help some of you. Happy testing.

Last edited by tpstdd; 02-28-2007 at 10:02 PM..
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 01:13 PM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org