I think we don't need to mention what this article is about, but that's OK. Let me explain a little about what the 403 Forbidden Bypass feature is.
We are talking about HTTP response status codes. Normally, if there is no problem, any URL will respond with 200.
As you can see, by opening google.com, we get three HTTP response codes: 301, 200, and 204. Here is what they mean.
301 - Moved Permanently
This happens because I only typed "google.com", without http:// or https://, in the address bar. By default, the browser adds "http://" first, and the server then redirects to "https://"; for that redirect, the server responds to the client with 301.
200 - OK
The file or folder opens normally.
204 - No Content
204 No Content success status response code indicates that a request has succeeded, but that the client doesn't need to navigate away from its current page.
This might be used, for example, when implementing "save and continue editing" functionality for a wiki site. In this case a PUT request would be used to save the page, and the 204 No Content response would be sent to indicate that the editor should not be replaced by some other page. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204)
After explaining those three HTTP codes, what about 403?
403 - Forbidden
403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.
This status is similar to 401, but for the 403 Forbidden status code, re-authenticating makes no difference. The access is tied to the application logic, such as insufficient rights to a resource. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403)
Sometimes a file or folder is hidden on purpose by the developer. If that file or folder is opened, the HTTP code 403 Forbidden will appear.
Using HTTP Tools version 5.9.6, some files or folders are vulnerable to the payloads provided by the app. The image below shows the payloads provided by HTTP Tools.
As we can see, a directory that originally responded with 403 Forbidden can be bypassed and return HTTP status 200.
[added] Bypass 403 Forbidden
[update] Now supports Android 13 Tiramisu
If you have questions about HTTP Tools, or feature requests, you can join us directly in the HTTP Tools Telegram group https://t.me/httptoolsdev or on the Telegram channel https://t.me/httptools
at Google Play
at Huawei AppGallery
20 July 2023