This repository has been archived by the owner on Dec 14, 2021. It is now read-only.

Forbidden (403) bypass script added. #42

Open
wants to merge 3 commits into
base: master

rahulMishra05

This is a shell script that can be used to bypass a 403 page. It uses different payloads that can help security researchers/bug bounty hunters to bypass the 403 (forbidden) page. The name of the file that contains this script is forbid_bypass.sh.

Other than that, I also added a command to download the curl command; this change is done in the install.sh file present in the root directory of the project.

This script uses different types of bypass techniques to bypass the 403 page, and they are listed below:

  1. HTTP Header Bypass
  2. Protocol Based Bypass
  3. Port Based Bypass
  4. HTTP Method Bypass
  5. URL Encoded Bypass

This is a shell script that can be used to bypass the forbidden
page. It uses different payloads that can help a user/attacker to
bypass the 403 (forbidden) page.

This script uses different types of bypass techniques to bypass 403
and they are 1) HTTP Header Bypass 2) Protocol Based Bypass 3) Port Based Bypass
4) HTTP Method Bypass 5) URL Encoded Bypass

@jaideep-sp

Have you tried it for XSS bypassing? I have tried all possible solutions to trigger XSS but every time I get 403 Forbidden. Help me, dude. But I haven't tried this payload.

@rahulMishra05
Author

This script can be used to bypass a 403 Forbidden page. See, if you get any page which gives you a 403 when you try to access it, then use this script against that.
E.g.: Suppose you are testing example.com and you get a subdomain test.example.com/admin which gives you a 403 Forbidden message on the screen when you try to access it. In that case, use this script by running this command: ./forbid_bypass.sh test.example.com/admin and if there is a vulnerability in the application then you will find a payload which can give you access to the Forbidden page.

I hope it helped, and I was able to clear your doubts. 👍
