avatarMohit Varikuti

Summary

The article provides a method for bypassing a '403 Forbidden' error by using the cname of a subdomain.

Abstract

The article, titled "How to Get Around a ‘403 Forbidden Website’ Error," offers a brief guide on circumventing access restrictions denoted by the HTTP status code 403. The author shares a personal experience of encountering a 403 error while exploring various endpoints and subdomains of a website, which is anonymized as "blank.com." After discovering the subdomain [redacted.blank.com] with a 403 status, the author attempted to bypass the restriction using tools like bypass-403 and bypxx but found no success. Eventually, the author successfully accessed the restricted content by utilizing the cname record associated with the subdomain. The article concludes by inviting readers to support the author by leaving claps or following the publication, and it provides information on where to find more content and how to engage with the community.

Opinions

  • The author believes that encountering a 403 error indicates the presence of potentially valuable or confidential content on a website.
  • There is an implication that using publicly available tools like bypass-403 and bypxx may not always be effective in bypassing 403 errors.
  • The author suggests that using the cname record can be an effective method to bypass a 403 Forbidden error, implying that this is a less commonly known technique.
  • The author appreciates reader engagement and encourages it through claps, follows, and community interaction on platforms like Discord, Twitter, LinkedIn, and through their newsletter.

How to Get Around a ‘403 Forbidden Website’ Error

A small tip on how to bypass a ‘403 Forbidden Website’ error.

Image by Author

Today is a short article, it's just a small tip on how to bypass a 403 Forbidden. I hope you enjoy it!

What even are 403 Errors?

The HTTP status code 403 indicates that access to the requested resource is prohibited. Because it is a confidential page/domain, the server understands the request but will not complete it.

I began my research phase while messing around with random websites, which I’ll refer to as blank.com for security reasons. I began by identifying all of the target domain’s endpoints and subdomains. Subdomains of blank.com were discovered using subfinder.

subfinder -d blank.com — silent | httpx -sc

As predicted, I received a slew of subdomains with their status codes, but one in particular [redacted.blank.com] caught my eye since it was 403 banned, and I immediately thought to myself, “Hmmm… something is here!”

In order to get around the 403 error, I tried bypass-403, bypxx, and other free source GitHub tools, but no success! An idea occurred to me at this point, and I decided to try accessing the subdomain using its cname. I immediately used the dig command for the stated purpose.

dig blank.com

And, thankfully, it was reachable through cname. I was able to get around their prohibition!

And that's that.

Please leave some claps or follow if you enjoyed the article.

More content at PlainEnglish.io. Sign up for our free weekly newsletter. Follow us on Twitter and LinkedIn. Join our community Discord.

Tech
Website
Error Handling
Programming
Coding
Recommended from ReadMedium
avatar13xch
HacktheBox Write Up — FluxCapacitor

HTB Walkthrough within, ctrl+F for “Root Flag” to quick search

12 min read
avatarAnkit
How to Deface a Website ?

Defacing a website simply means that we replace the index.html file of a site by our file.

7 min read
avatarKhaledyassen
How I Found Multiple XSS Vulnerabilities Using Unknown Techniques

Hello, everyone. I hope you are well.

12 min read
avatarMr Horbio
Analyzing JavaScript Files To Find Bugs

Hi Hackers, Horbio this side

3 min read
avatarNiraj Mahajan
Uncovering the Hidden Vulnerability: How I Found an Authentication Bypass on Shopify’s Exchange…

Hello Researchers,

3 min read
avatarTanishq Sachin Shah
Mastering Subdomain Takeovers

Steal a website? Not quite, but close!

4 min read