Bug Bounty Automation for bypassing 403 response type pages

Pravinrp
2 min readMar 8, 2021

--

It has been long since I have posted my blog on security. However, this time I would like to bring you a top of bug bounty. I know!! as a security researcher most of you will be doing bug bounty hunting as part time or full time. Bug hunting is very challenging but there are many open source tools existing on internet to simplify the job. Today, we are going to check out an automation tool which I created based on an inspiration from iamj0ker (kudos to him!!)

Being a bug bounty hunter, every individual would have definitely encountered 403 access forbidden issue during content discovery of the target. This error can be sometimes bypassed due to security misconfiguration or misconfigured access level on server side. This script has been developed compiling multiple tips and tricks posted by multiple security researcher’s on twitter. When I checked multiple bypass techniques for 403 response code on twitter, I indeed wanted to automate them. That is how I ended up creating this tool. Please check and support if you like.

The script contains some cool tricks to bypass the 403 forbidden issue.

The github link is given below. I kindly request you all to pull the tool and try it. DO NOT alter the code.

Part of the script to give a glimpse about it,

Disclaimer: You shall not misuse this information to gain unauthorised access. However you may try out these hacks on your own computer at your own risk. Performing hack attempts (without permission) on computers that you do not own is illegal.

If you like the content, please follow me on medium and LinkedIn

LinkedIn: https://www.linkedin.com/in/pravin-r-p-oscp-28497712b/

--

--

Pravinrp

OSCP/Security geek &researcher(Application/infrastructure/Mobile/cloud security)