This is a complete playbook for bypassing 401/403 access control errors when you hit locked down admin panels or API endpoints. It covers the full matrix of techniques: path manipulation (trailing slashes, case changes, URL encoding variants, null bytes), HTTP method tampering (POST instead of GET, X-HTTP-Method-Override headers), header injection (X-Original-URL, X-Forwarded-For IP spoofing), and server-specific tricks for Apache, Nginx, IIS, and Tomcat. The decision tree walks you through trying path tricks first since they have the highest success rate, then escalating to method and header combos. Base models typically know a handful of header bypasses but miss the dozens of path normalization variants and the logic of why proxy versus backend parsing creates the gap in the first place.
npx skills add https://github.com/yaklang/hack-skills --skill 401-403-bypass-techniques