Importance of burp history analysis to bypass 403

or, how I learned that specific Referer header can make all the difference

When it comes to bug hunting, directory brute force is a necessary part, if you want to cover all the bases. And, at times, depending on bug bounty programs’ policy, or simply how the servers are configured, things like captcha or 429, or just blocking your ip completely will happen. There are ways around…