Common 403 Bypasses Part 2


Bilal Researcher

We covered some fundamental 403 bypass techniques in our previous blog post. I usually use those techniques without overthinking, but sometimes I tend to use a couple of different tools for different scenarios.

The first tool is by iamj0ker, which is a simple bash script I use for quick checks. Using this tool is straightforward — you need to pass your targeted website and the endpoint like so:

./bypass-403.sh https://target.com endpoint

The endpoint could be “admin,” “secret,” “API,” a Swagger instance, or any other desired endpoint, but you must know that this endpoint exists beforehand. Let’s examine the script itself:

The script is concise, containing only 60 lines of code, with roughly half dedicated to displaying information on the screen and various curl commands. It tries different paths and payloads, such as applying dots, slashes, dot-slash combinations, and various headers like the original URL and rewrite URL. The script also attempts to append extensions like .html and .php and applies some additional headers.
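Seen from the server side, each of these variants leaves a recognisable trace in request logs. The following is an added example, not code from the original post or from the script it describes: a small classifier that canonicalises the request path and flags the path, extension and header variants listed above. The protected prefix `/admin`, the header names `X-Original-URL` and `X-Rewrite-URL`, and the sample requests are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumptions for this example: the protected prefix and the override header names.
PROTECTED = ("/admin",)
OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")
EXTENSIONS = (".html", ".php")

def canonical(target):
    """Drop the query, percent-decode, collapse dot segments and extra slashes."""
    decoded = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + decoded.lstrip("/"))

def is_protected(path):
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

def classify(target, headers):
    """Return the reasons a request looks like a probe around a 403 rule."""
    reasons = []
    raw = target.split("?", 1)[0]
    canon = canonical(target)
    if is_protected(canon):
        # Same resource as the protected path, but spelled differently on the wire.
        if raw != canon:
            reasons.append("path-variant")
    else:
        # Protected path with a file extension tacked on.
        for ext in EXTENSIONS:
            if canon.endswith(ext) and is_protected(canon[: -len(ext)]):
                reasons.append("extension-appended")
    # Header that asks a proxy or framework to route to a protected path.
    for name, value in headers.items():
        if name.lower() in OVERRIDE_HEADERS and is_protected(canonical(value)):
            reasons.append("override-header")
    return reasons

# Constructed sample requests: (request target, headers).
SAMPLES = [
    ("/admin", {}), ("/admin/.", {}), ("//admin//", {}), ("/%2e/admin", {}),
    ("/admin.php", {}), ("/", {"X-Original-URL": "/admin"}),
    ("/index.html", {"X-Rewrite-URL": "/status"}),
]

def scan(samples=SAMPLES):
    return [(target, classify(target, headers)) for target, headers in samples]

if __name__ == "__main__":
    for target, reasons in scan():
        print(f"{target:12} {', '.join(reasons) or 'clean'}")
```

An access rule that compares against the canonical path instead of the raw one, and that ignores the override headers unless a trusted proxy sets them, returns the same 403 for every flagged sample.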

I usually use this tool when I have a large number of URLs gathered for a target and I’m working from the terminal. If I encounter a specific interesting URL that returns a 403 error, I start by using this tool to see if it can…
