loading
loading
Vulnerabilities
A Go script for bypassing 403 forbidden responses.
overview
bypass-403 takes an endpoint that returns 403 Forbidden and replays a battery of known tricks to reach it anyway. Path mangling, spoofed headers, alternate HTTP methods, and casing changes each exploit the gap between the proxy or WAF that blocks a request and the application that ultimately serves it. When one variation slips through, you have an access-control flaw worth reporting.
The script is deliberately small. Give it a target URL and the protected path, and it cycles through its payloads, printing the HTTP status and response size for each request so a bypass stands out as a non-403 code. That focus makes it a fast confirmation step rather than a broad scanner.
Wire it into a Trickest Vulnerabilities workflow after a crawler or fuzzer turns up forbidden endpoints, and it tells you which restrictions are real and which are one header away from meaningless. It reads a URL and a path and writes its results as a file and a folder for downstream nodes to query.
use cases
Point bypass-403 at a path that returns 403 and let it try its tricks, so you learn whether the restriction holds or folds to a simple bypass.
Run it across the 403 responses a content fuzzer surfaced to find the few that a header or path trick turns into real access.
Check restricted admin or internal endpoints for bypasses before assuming the 403 in front of them is sufficient protection.
Probe whether a path blocked at the edge is still reachable through method or header variations, exposing rules that the app behind them does not enforce.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| target-url | STRING | -url | Target URL hosting the protected endpoint. |
| path | STRING | -path | The forbidden endpoint to test, for example admin. |
Showing key inputs. bypass-403 exposes 2 inputs in total.
example
# probe one forbidden path with every bypass payloadbypass-403 -url https://example.com -path admin--> https://example.com/admin403,146--> https://example.com/%2e/admin403,146--> https://example.com/admin/..;/200,10585--> https://example.com/admin X-Original-URL: /admin200,10585--> https://example.com/admin X-Forwarded-For: 127.0.0.1403,146guidance
Use bypass-403 when you have an endpoint returning 403 and want to know whether the restriction can be defeated. It tests a known path, it does not discover them, so feed it forbidden endpoints from ffuf or katana. For broad vulnerability testing, pair it with nuclei.
Another 403 bypass tool with a wider payload set and more options. bypass-403 is the lighter, single-purpose script.
Runs templated checks broadly. bypass-403 is the focused tool for one access-control question.
Finds the forbidden paths in the first place. bypass-403 then tests whether each one can be reached.
faq
related
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
Accurately fingerprint and detect Netscaler and Citrix ADC versions vulnerable to CVE-2023-3519.
ffuf surfaces forbidden paths on a target, then bypass-403 tries its tricks on each one and writes the endpoints it managed to reach as a queryable output.
Facts on this page come from the live Trickest tool library.