rahman0x01
4 days ago

403 bypass by changing the HTTP method.

Let’s say our target domain is target.com.

As a bug hunter, I started content discovery using some tools like:

  • Dirb
  • Dirsearch
  • Ffuf

After finding some content, I gathered all the endpoints into a file named urls.txt.

Then I wanted to check the status code of all the URLs, so I simply ran the httpx tool:

cat urls.txt | httpx -sc -td -server

Then I got a 403 status code.

I sent the request again, intercepted it, and sent it to Repeater.

After changing the method from GET to POST, we found a 403 bypass!!!

Regards

rahman0x01
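
From the defender's side, the behaviour described in the post shows up in access logs as one client receiving a 403 for a path with one method and a 2xx for the same path with another. The following is an added example, not part of the original post, that flags that pattern; the combined log format, the function name `find_method_bypasses` and every sample line (paths, IPs, timestamps) are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Apache/Nginx "combined" log format (assumed).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin/export HTTP/1.1" 403 153 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /admin/export HTTP/1.1" 200 8812 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "GET /private HTTP/1.1" 403 153 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:01:05 +0000] "POST /private HTTP/1.1" 403 153 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_method_bypasses(log_text):
    """Return (ip, path, denied_methods, allowed_methods) tuples where the same
    client was refused (403) with one method and succeeded (2xx) with another."""
    seen = defaultdict(lambda: {"denied": set(), "allowed": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["target"].split("?", 1)[0]  # compare paths without query string
        status = int(m["status"])
        entry = seen[(m["ip"], path)]
        if status == 403:
            entry["denied"].add(m["method"])
        elif 200 <= status < 300:
            entry["allowed"].add(m["method"])
    findings = []
    for (ip, path), e in sorted(seen.items()):
        # A method seen with both outcomes (e.g. before and after login)
        # does not indicate a method-dependent access rule, so drop it.
        denied_only = e["denied"] - e["allowed"]
        allowed_only = e["allowed"] - e["denied"]
        if denied_only and allowed_only:
            findings.append((ip, path, sorted(denied_only), sorted(allowed_only)))
    return findings


if __name__ == "__main__":
    for ip, path, denied, allowed in find_method_bypasses(SAMPLE_LOG):
        print(f"{ip} {path}: 403 on {denied}, 2xx on {allowed}")
```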
