🔏
roguebook
  • group
    • Web
      • Concepts
      • OAuth 2.0
      • File upload
      • API testing
      • Web Cache Decpetion
      • CORS
      • CSRF
      • Cross site web socket hijacking
      • XS-Leaks
    • Bug Bounty
      • Recon
        • Dorking
          • SSL Checker
        • Wordlists
          • Twitter wordlist suggestions
      • Tips & Tricks
        • Combined
        • CSP Bypasses & open redirect
        • 403 Bypass
        • Arrays in JSON
        • Open Redirect
        • Next.js Application
        • Locla File Read
        • External Link
        • xss bypass
        • CSRF cors bypass
      • Talks/Interviews/Podcasts
        • Bug Bounty Talks
        • Podcasts
          • Critical Thinking - Bug Bounty Podcast
            • Learning
      • Tools
    • Android
      • Getting Started
      • Intent Attack Surface
      • Broadcast Receivers
      • Android Permissions
      • Android Services
      • Content and FileProvider
      • WebView & CustomTabs
      • Insecure Storage
      • Tips & Tricks
    • Thick Client
      • Lab Setup
      • Information Gathering
      • Traffic analysis
      • Insecure Data storage
      • Input validation
      • DLL hijacking
      • Forensics
      • Extra resources
    • OSINT
      • OpSec
    • Malware Analysis
      • Lab Setup
      • Networking
      • Tools
      • Malware source
      • Basic Static Analysis
      • Basic Dynamic Analysis
      • Advanced Analysis
      • Advanced Static Analysis
      • Advanced Dynamic Analysis
    • Malware Development
    • Blue Team
      • Tools
      • Malware Analysis
        • Basic Static Analysis
    • Binary Exploitation
      • Assembly
    • Infographics
    • Malware Analysis
Powered by GitBook
On this page
  1. group
  2. Bug Bounty
  3. Tips & Tricks

403 Bypass

Some tips that can help when you trying to bypass 403

PreviousCSP Bypasses & open redirectNextArrays in JSON

Last updated 1 year ago

  • Hacktricks has vast majority of tricks on this topic:

  • Case Switching: Sometimes literal string are blocked which can be bypassed e.g

    • /admin can be blocked but

    • /Admin or /aDmin can bypass the check.

  • For getting CNAME of domain you can use dig command. And try to access cname directly.

Tools:

Tools can automate most of the stuff for you like changing verb, special characters, HTTP headers. But manually verify things if possible.

Tools other than that are already listed in hacktricks you can also use

403bypasser:

Burp plugin: 403 bypasser:

https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/403-and-401-bypasses
https://github.com/yunemse48/403bypasser
https://portswigger.net/bappstore/444407b96d9c4de0adb7aed89e826122