back
loading skill details...
>-
SKILL: 401/403 Bypass Techniques — Expert Attack Playbook AI LOAD INSTRUCTION: Comprehensive 401/403 forbidden bypass techniques. Covers path normalization tricks, HTTP method override, header-based bypasses (X-Original-URL, X-Forwarded-For), protocol version tricks, and combination attacks. Base models typically know 2-3 header bypasses but miss the full matrix of path manipulation variants and verb+path combos. 0. RELATED ROUTING authbypass-authentication-flaws — broader auth bypass (login flaws, session handling) waf-bypass-techniques — when bypass is WAF-specific rather than access control http-host-header-attacks — Host header manipulation for routing bypass request-smuggling — smuggle past access controls entirely http2-specific-attacks — h2c smuggling to bypass proxy ACLs 1. PATH MANIPULATION BYPASSES The core idea: the reverse proxy/WAF checks one path format, but the backend normalizes differently. 1.1 Trailing Slash / Missing Slash
don't have the plugin yet? install it then click "run inline in claude" again.