I think we don't need to mention what this article is about, but that's OK. Let me explain a little about what the 403 Forbidden Bypass feature is.
We are talking about HTTP response status codes. Normally, if there is no problem, any URL will respond with 200.
As you can see, opening google.com gives us three HTTP response codes: 301, 200, and 204. Here is what they mean.
301 - Moved Permanently
This happens because I only typed "google.com", without http:// or https://, in the address bar. By default, the browser adds "http://" first, and the server then redirects to "https://". For this redirect, the server gives the client a 301 response.
200 - OK
The file or folder opens normally.
204 - No Content
The HTTP 204 No Content success status response code indicates that a request has succeeded, but that the client doesn't need to navigate away from its current page.
This might be used, for example, when implementing "save and continue editing" functionality for a wiki site. In this case a PUT request would be used to save the page, and the 204 No Content response would be sent to indicate that the editor should not be replaced by some other page. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204)
With those three HTTP codes explained, what about 403?
403 - Forbidden
The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.
This status is similar to 401, but for the 403 Forbidden status code, re-authenticating makes no difference. The access is tied to the application logic, such as insufficient rights to a resource. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403)
Sometimes a developer hides a file or folder on purpose. If that file or folder is opened, the HTTP code 403 Forbidden appears.
With HTTP Tools version 5.9.6, some files or folders turn out to be vulnerable to the payloads provided by the app. The image below shows the payloads that HTTP Tools provides.
As we can see, a directory that originally responded with 403 Forbidden can be bypassed and return HTTP status 200.
[added] Bypass 403 Forbidden
[update] Now supports Android 13 Tiramisu
If you have questions about HTTP Tools, or feature requests, you can join us directly
in the HTTP Tools Telegram group https://t.me/httptoolsdev
or on the Telegram channel https://t.me/httptools
at Google Play
https://play.google.com/store/apps/details?id=com.cafelabs.curlme
at Huawei AppGallery
https://appgallery.huawei.com/app/C102780191