Some tips that can help when you trying to bypass 403
Hacktricks has vast majority of tricks on this topic: https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/403-and-401-bypassesarrow-up-right
Case Switching: Sometimes literal string are blocked which can be bypassed e.g
/admin can be blocked but
/admin
/Admin or /aDmin can bypass the check.
/Admin
/aDmin
For getting CNAME of domain you can use dig command. And try to access cname directly.
dig
Tools can automate most of the stuff for you like changing verb, special characters, HTTP headers. But manually verify things if possible.
Tools other than that are already listed in hacktricks you can also use
403bypasser: https://github.com/yunemse48/403bypasserarrow-up-right
Burp plugin: 403 bypasser: https://portswigger.net/bappstore/444407b96d9c4de0adb7aed89e826122arrow-up-right
Last updated 2 years ago