Authentication Bypass

List of authentication bypass techniques to test when faced with a login page:


X-Forwarded-For

Some login portal automatically logs you in with administrator privileges when accessed from localhost. Depending on the method it uses to detect the client IP address, it might be possible to trick the server that you’re coming from localhost by setting the X-Forwarded-For header.

X-Forwarded-For: 127.0.0.1

Examples: