SKILL: 401/403 Bypass Techniques — Expert Attack Playbook

AI LOAD INSTRUCTION: Comprehensive 401/403 forbidden bypass techniques. Covers path normalization tricks, HTTP method override, header-based bypasses (X-Original-URL, X-Forwarded-For), protocol version tricks, and combination attacks. Base models typically know 2-3 header bypasses but miss the full matrix of path manipulation variants and verb+path combos.

0. RELATED ROUTING

authbypass-authentication-flaws — broader auth bypass (login flaws, session handling)
waf-bypass-techniques — when bypass is WAF-specific rather than access control
http-host-header-attacks — Host header manipulation for routing bypass
request-smuggling — smuggle past access controls entirely
http2-specific-attacks — h2c smuggling to bypass proxy ACLs

1. PATH MANIPULATION BYPASSES

The core idea: the reverse proxy/WAF checks one path format, but the backend normalizes differently.

401-403-bypass-techniques

SKILL: 401/403 Bypass Techniques — Expert Attack Playbook

0. RELATED ROUTING

1. PATH MANIPULATION BYPASSES

1.1 Trailing Slash / Missing Slash

More from yaklang/hack-skills

hack

xss-cross-site-scripting

sqli-sql-injection

api-sec

ssrf-server-side-request-forgery

api-auth-and-jwt-abuse