Complete Guide To Bypass 403 Error – Bug Bounty

While doing the bug bounty, sometimes, we came across 403 error pages due to lack of permission. Now what next? Shall we leave the target?

Well, not really. There is a huge opportunity. 💰

In this blog, we’ll discuss how to leverage these errors and crack good bounties out of it.

HTTP response status codes designate whether a specific HTTP request has been successful between server and client.

There are 5 different groups of HTTP status codes:

  • Informational response (100-199)
  • Successful response (200-299)
  • Redirection messages (400-499)
  • Client-side error response (400-499)
  • Server-side error response (500-599)

Now that you know about the HTTP status code, let’s move on to the 403 error code introduction.

Why 403 Forbidden Error

403 is a client-side error response, it indicates that the server understands the request but due to lack of permission the server refuses to authorize it.

When you try to access a page or some media from a website, the webserver checks if the requested user has permission to read the requested page or media.

When the webserver finds that the requested user doesn’t have permission to read it, then the webserver sends back the HTTP 403 Forbidden status code and shows it to the browser.

Hope you are clear till now 🙂

Let’s Exploit

In web pen-testing and bug bounties, the 403 Forbidden status code can be bypassed via 2 approaches:

  • Manual Approach
  • Automated Approach

Here in this blog post, we’ll discuss both the approaches in detail.

Bypassing the 403 status code the attacker could get sensitive files, which he shouldn’t have access to. Here we will learn both the manual method and also the automated method to bypass this status code.

Manual Approach

The error could case for many reasons.

So, here I have discussed 5 different methods that you can try:

  • Directory Based Attack
  • File Based Attach
  • Protocol Based Attack
  • HTTP Request Method Based Attack
  • Header Based Attack

The easiest way to bypass the 403 Forbidden error is to insert some characters after the domain, like (/, /, /./, %2f, ./., //).

Let’s see the below examples.

Directory Based

  • => 403
  •* => 200
  • => 200
  • => 200

File Based

  • => 403
  • => 200
  • => 200

Protocol Based

  • => 403
  • => 200

HTTP Request Method Based

  • GET => 403
  • POST => 200
  • TRACE => 200
  • PUT => 200
  • OPTIONS => 200

Header Based

  • Without those headers => 403
  • Content-Length: 0 => 200
  • X-rewrite-url => 200
  • X-Original-URL => 200
  • X-Custom-IP-Authorization => 200
  • X-Forwarded-For => 200

Automated Approach

In real life and bug bounties, there will be thousands of URLs that you might need to check for 403 Forbidden error bypass. It is almost impossible to do manually unless you are in a dream.

So, to make our life easier, hackers have invented many 403 bypass automation tools. Here, we are going to have a look at the automated approach to bypass the 403 Forbidden error.

403bypasser is a good tool created using python by yunemse48 for bypassing 403 Forbidden error. Here you will see the installation and also the usage of the tool.

Tool Installation

Step 1: Clone the GitHub repository to your machine, `git clone`

learn ethical hacking, bug bounty

Step 2: `cd 403bypasser` then install the python module requirements by executing the command `pip install -r requirements.txt`.

learn ethical hacking, bug bounty

Well, there you go the installation is over. It’s time to see it in action.
The basic usage of the tool is like `python3 -u -d /secret` as shown below.

NOTE: The example site is not vulnerable, the site is tested just to show you how it works.

This is when you have a single domain and a list of possible directories that you might get from directory fuzz, `python3 -u -D dirlist.txt`.

The third technique is useful when you want to try multiple URLs with a single directory or file. `python3 -U urllist.txt -d /secret`

And the 4th and final technique is when you want to check for a list of URLs and also a list of directories, `python3 -U urllist.txt -D dirlist.txt`

Final Note

Thanks for your time. Hope, now you are much clear about the concept. If you like this, make sure to share it with others so that they can leverage this information. For any doubts or questions, please leave a comment below.

Leave a Comment