Show HN: A tool that alerts when 404s silently return 200)

https://heberjulio65.medium.com/when-an-404-suddenly-turns-200-and-you-didnt-knew-b35e474df44b

2•kurogai•6mo ago

Hey HN,

I recently ran into a scenario where a page that used to return a 404 suddenly started returning 200 — without warning. This led to the discovery of a forgotten admin endpoint being accidentally reactivated.

I wrote a short post about this issue and how it can surface subtle security or logic flaws.

Along the way, I built a small tool (ReconSnap) to help monitor this kind of thing — basically, it tracks web changes, auto-saves pages, and can react to specific conditions like status code flips, keyword appearance, or DOM mutations. It’s aimed mostly at security folks, OSINT researchers, and curious developers.

I realize this may seem like a bit of a promo, but I genuinely use it myself and figured it might be useful to others too. Feedback is welcome!

Here’s the post: https://medium.com/@heberjulio65/when-an-404-suddenly-turns-...

Comments

bubblebeard•6mo ago

Interesting, this is a problem I have never considered. Regarding DOM changes though, wouldn’t it make more sense to monitor files for unexpected changes instead?

kurogai•6mo ago

That makes sense — if you’re monitoring from within the system and have access to files directly, that’s definitely a more robust way to detect changes.

But my use case is more external-facing.

So the only thing you can rely on is what the browser sees — HTML, DOM, JS. In that context, unexpected DOM changes (like a hidden login form reappearing, or a 403 turning into a 200) can be quite telling.

What do you think?

bubblebeard•6mo ago

Ah of course, that makes sense then. What about dynamic DOM content though? Like content produced by PHP or similar. Is that filtered somehow or does this analysis expect static content?

Nestlé couldn't crack Japan's coffee market.Then they hired a child psychologist

Notes for February 2-7

Study confirms experience beats youthful enthusiasm

The Big Hunger by Walter J Miller, Jr. (1952)

The Genus Amanita

We have broken SHA-1 in practice

Ask HN: Was my first management job bad, or is this what management is like?

Ask HN: How to Reduce Time Spent Crimping?

KV Cache Transform Coding for Compact Storage in LLM Inference

A quantitative, multimodal wearable bioelectronic device for stress assessment

Why Big Tech Is Throwing Cash into India in Quest for AI Supremacy

How to shoot yourself in the foot – 2026 edition

Eight More Months of Agents

From Human Thought to Machine Coordination

The new X API pricing must be a joke

Show HN: RMA Dashboard fast SAST results for monorepos (SARIF and triage)

Show HN: Source code graphRAG for Java/Kotlin development based on jQAssistant

Python Only Has One Real Competitor

Tmux to Zellij (and Back)

Ask HN: How are you using specialized agents to accelerate your work?

Passing user_id through 6 services? OTel Baggage fixes this

DavMail Pop/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway

Visual data modelling in the browser (open source)

Show HN: Tharos – CLI to find and autofix security bugs using local LLMs

Oddly Simple GUI Programs

The New Playbook for Leaders [pdf]

Interactive Unboxing of J Dilla's Donuts

OneCourt helps blind and low-vision fans to track Super Bowl live

Rudolf Vrba

Autism Incidence in Girls and Boys May Be Nearly Equal, Study Suggests