All About 403 Bypass

Pankaj
Jun 5, 2022

Hello folks, this is my first writeup, so forgive me if I write something wrong. Without wasting any time, let's talk about our topic: 403 Forbidden bypass.


I think if you are here, you already know why we get a 403 error and what 403 means. If you don't, here is a short description of 403.

What is 403 Forbidden

Basically, 403 is an HTTP response code that means Forbidden. When you try to access a resource that you are not authorized to access, you will get this 403 error, which means you don't have permission to access the resource. A resource can be anything: a directory, a subdomain, etc.

There are many techniques to bypass 403 Forbidden. Let's look at them one by one.

1. Changing request method

There are many HTTP methods, like GET, POST, TRACE, OPTIONS, DELETE, etc. You can bypass 403 Forbidden by changing the HTTP method, like:

→GET to POST

→GET to TRACE

→GET to OPTIONS

2. HTTP Headers

You can also try adding headers to your request. There are many headers that you can use:

X-Custom-IP-Authorization:
X-Custom-IP-Authorization + ..;:
X-Original-URL:
X-Rewrite-URL:
X-Originating-IP:
X-Forwarded-For:
X-Remote-IP:
X-Client-IP:
X-Host:
X-Forwarded-Host:

Values you can use:

localhost
localhost:443
127.0.0.1
127.0.0.1:80
10.0.0.0
192.168.1.1

3. Path manipulation

file?:
//file//
file??:
file//.//./
file//:
file%09
file/./:
/%2e/file
file..;:
file.php
file.json
file.html
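
An added example, not part of the original writeup: seen from the defender's side, the method and path tricks above appear in access logs as a 403 followed by a 2xx for the same resource from the same client. This Python sketch groups requests by a canonical path and flags that pattern; the log format, sample lines and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access log: client, method, request target, status.
SAMPLE_LOG = """\
203.0.113.7 GET /admin 403
203.0.113.7 GET //admin// 403
203.0.113.7 GET /%2e/admin 200
203.0.113.7 POST /admin 403
198.51.100.9 GET /index.html 200
198.51.100.9 GET /admin 403
198.51.100.9 TRACE /admin 200
192.0.2.44 GET /reports 403
192.0.2.44 GET /reports..;/ 403
"""


def canonical_path(target):
    """Collapse the section 3 path variants to one form, for log grouping only."""
    path = unquote(target.split("?", 1)[0])      # drop "?", "??"; decode %2e, %09
    path = re.sub(r"[\x00-\x20]+", "", path)     # decoded tab / control characters
    path = re.sub(r"\.\.;|;[^/]*", "", path)     # "..;" and ";param" suffixes
    # normpath collapses "//", "/./" and "/../"; lstrip avoids its "//" special case
    return posixpath.normpath("/" + path.lstrip("/"))


def find_bypass_candidates(log_text):
    """Flag a 2xx that follows a 403 for the same client and canonical path
    when the allowed request differs from every denied one (method or raw path)."""
    denied = {}   # (client, canonical path) -> set of denied (method, raw target)
    hits = []
    for line in log_text.splitlines():
        client, method, target, status = line.split()
        key = (client, canonical_path(target))
        if status == "403":
            denied.setdefault(key, set()).add((method, target))
        elif status.startswith("2") and key in denied:
            if (method, target) not in denied[key]:
                hits.append((client, key[1], method, target))
    return hits


if __name__ == "__main__":
    for hit in find_bypass_candidates(SAMPLE_LOG):
        print("possible 403 bypass:", hit)
```

A hit means the component that returned the 403 and the component that served the content disagreed about the method or path, so the fix is to enforce access control on the normalized request in the application itself.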

Tools

If you don't want to do this manually, there are many tools available that you can use. Some are:

And you can find many tools on GitHub.

So that's all, and I hope you learned something here. 😊
