Bypassing Rate Limits like a PRO!
Hello Bug Bounty Hunters!
This is my second write-up; I hope you like it. In it I'll share the ways I know of bypassing rate limiting. So let's get started.
Bypassing Rate Limits with Headers
Most rate limiters key on the client's IP address. When the application (or the framework or WAF in front of it) reads that address from a client-supplied forwarding header instead of from the TCP connection, every new value you put in the header looks like a new client. Add one of these headers directly under the Host header of the request:
- X-Forwarded-For : IP
- X-Forwarded-Host : IP
- X-Client-IP : IP
- X-Remote-IP : IP
- X-Remote-Addr : IP
- X-Host : IP
- Change the IP whenever the request gets blocked again.
TIP: Sometimes adding several of these headers at once bypasses a rate limit when a single one does not. X-Forwarded-Host normally carries a hostname rather than an IP, but try it anyway. Confirm the bypass from the response (a 200 instead of a 429, or the OTP/reset mail actually arriving again) rather than assuming the header was honoured.
Bypassing Rate Limits when there's a CAPTCHA
You will often meet a Google reCAPTCHA while testing a website. A CAPTCHA only protects an endpoint if the server actually verifies the token it receives; these checks find out whether it does.
- Try removing the CAPTCHA parameter from the body of the request. If the server only verifies a token when one is present, the request goes through without one.
- Try replacing the token with an arbitrary string of the same length. This works when the application validates the token's shape locally instead of asking the CAPTCHA provider.
- Keep Intercept on, capture a request that carries a freshly solved token, and send it to Intruder. This shows whether a solved token is single-use; if it is not, the same token can be replayed for the whole attack. Sometimes it gives unexpected results.
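The three probes above each target a specific server-side mistake. The following is an added example, not code from the original write-up, showing two fail-open CAPTCHA checks beside a fail-closed one, with a constructed stand-in for the provider's verify endpoint. The field name, token values and 40-character length are assumptions; a real deployment calls the vendor's verification endpoint with the token and the site secret.

```python
"""Added example, not part of the original write-up: server-side CAPTCHA
checks that fail open in the ways the list above probes, plus the fixed
version. The provider, field name and token values are constructed."""

CAPTCHA_FIELD = "g-recaptcha-response"   # assumed form field name
TOKEN_LEN = 40                           # assumed token length


class CaptchaProvider:
    """Stand-in for the vendor's verify endpoint: a solved token is
    accepted exactly once, which is what a real provider does."""

    def __init__(self, solved_tokens):
        self._unused = set(solved_tokens)

    def verify(self, token: str) -> bool:
        if token in self._unused:
            self._unused.remove(token)
            return True
        return False


def check_if_present(form: dict, provider: CaptchaProvider) -> bool:
    """Fail-open bug 1: the token is verified only when the field exists,
    so deleting the parameter from the body skips the check entirely."""
    token = form.get(CAPTCHA_FIELD)
    if token is None:
        return True
    return provider.verify(token)


def check_shape_only(form: dict, provider: CaptchaProvider) -> bool:
    """Fail-open bug 2: the app validates the token's shape locally and
    never asks the provider, so any string of the right length passes
    and a valid token can be replayed forever."""
    token = form.get(CAPTCHA_FIELD, "")
    return len(token) == TOKEN_LEN


def check_hardened(form: dict, provider: CaptchaProvider) -> bool:
    """Fail closed: a missing or empty token is a failure, and only the
    provider's answer counts. Because the provider consumes the token,
    a replayed request is refused."""
    token = form.get(CAPTCHA_FIELD)
    if not token:
        return False
    return provider.verify(token)


def probe(check) -> dict:
    """Run the three tricks from the write-up against one check function
    with a fresh provider and report which ones got through."""
    solved = "a" * TOKEN_LEN                # assumed: one genuinely solved token
    provider = CaptchaProvider({solved})
    results = {
        "removed_param": check({"email": "victim@example.com"}, provider),
        "same_length_junk": check(
            {CAPTCHA_FIELD: "b" * TOKEN_LEN, "email": "victim@example.com"},
            provider),
    }
    first = check({CAPTCHA_FIELD: solved}, provider)    # legitimate solve
    replay = check({CAPTCHA_FIELD: solved}, provider)   # same token again
    results["replay_after_valid"] = first and replay
    return results


if __name__ == "__main__":
    for fn in (check_if_present, check_shape_only, check_hardened):
        print(fn.__name__, probe(fn))
```

Run it and each check prints which of the three probes succeeded against it; only `check_hardened` rejects all three. When an endpoint passes all three in a real test, the CAPTCHA is being verified server-side and the rate limit has to be attacked some other way.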

Bypassing Rate Limits with some Characters
These tricks work when the limit is counted on the raw value of the email field while the backend trims, decodes or otherwise normalises the value before looking up the account. Each variant then gets its own counter but still hits the same user.
- Adding a null byte (%00) at the end of the email can sometimes bypass the rate limit.
- Try adding a space character after the email (not URL-encoded).
- Other common characters that help bypass rate limits: %0d, %2e, %09, %20.
Confirm that the variant still reaches the original account (the OTP or reset mail arrives for the unmodified address); if it does not, you have only found a new key, not a bypass.
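The header section and the character section describe the same root cause from two sides: the limiter keys on something the attacker controls. The following is an added example, not code from the original write-up, with a toy in-memory limiter, the vulnerable key derivations for both tricks, and the hardened ones (client IP taken only from the hop our own proxy appended; email normalised before counting). The limit, the proxy address, the attacker and victim addresses and the sample requests are all assumptions constructed for the example.

```python
"""Added example, not part of the original write-up: a toy in-memory
rate limiter that shows why the header and character tricks work and
what the fixed version keys on. The limit, proxy address and sample
requests are assumptions constructed here."""
from collections import defaultdict
from urllib.parse import unquote

LIMIT = 5                       # assumed: 5 attempts per key per window
TRUSTED_PROXIES = {"10.0.0.1"}  # assumed: address of our own reverse proxy
SPOOFABLE = ("X-Forwarded-For", "X-Client-IP", "X-Remote-IP",
             "X-Remote-Addr", "X-Host")


def client_ip_vulnerable(remote_addr: str, headers: dict) -> str:
    """Takes the client IP from whichever spoofable header is present,
    so every new header value looks like a new client."""
    for name in SPOOFABLE:
        if name in headers:
            return headers[name].split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr: str, headers: dict) -> str:
    """Honours X-Forwarded-For only when the connection comes from our
    proxy, and then uses the rightmost hop, the one that proxy appended;
    anything the client put in front of it is ignored."""
    if remote_addr not in TRUSTED_PROXIES:
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")
            if h.strip()]
    return hops[-1] if hops else remote_addr


def email_key_vulnerable(email: str) -> str:
    """Counts on the raw form value: 'a@x.com', 'a@x.com ' and
    'a@x.com%00' are three different keys for one account."""
    return email


def email_key_hardened(email: str) -> str:
    """Decodes, drops whitespace and non-printable characters and
    lower-cases, so the variants collapse onto one key. Use the same
    normalisation the account lookup itself uses."""
    decoded = unquote(email)
    kept = [c for c in decoded if c.isprintable() and not c.isspace()]
    return "".join(kept).lower()


class RateLimiter:
    """Fixed-window counter per key, enough to show the difference."""

    def __init__(self, limit: int = LIMIT):
        self.limit = limit
        self.counts = defaultdict(int)

    def allow(self, key: str) -> bool:
        self.counts[key] += 1
        return self.counts[key] <= self.limit


def key_vulnerable(req: dict) -> str:
    ip = client_ip_vulnerable(req["remote_addr"], req["headers"])
    return ip + "|" + email_key_vulnerable(req["email"])


def key_hardened(req: dict) -> str:
    ip = client_ip_hardened(req["remote_addr"], req["headers"])
    return ip + "|" + email_key_hardened(req["email"])


def attacker_requests(n: int, rotate_header: bool, mutate_email: bool) -> list:
    """Constructed login attempts from one attacker at 203.0.113.7 that
    arrive via the trusted proxy, which appends the real address to
    X-Forwarded-For after whatever the attacker sent."""
    suffixes = ["", "%00", "%20", "%09", "%0d", " "]
    reqs = []
    for i in range(n):
        xff = "203.0.113.7"
        if rotate_header:
            xff = f"198.51.100.{i % 250}, " + xff   # attacker-chosen hop
        email = "victim@example.com"
        if mutate_email:
            email += suffixes[i % len(suffixes)]
        reqs.append({"remote_addr": "10.0.0.1",
                     "headers": {"X-Forwarded-For": xff},
                     "email": email})
    return reqs


def simulate(key_fn, requests: list) -> int:
    """Number of requests a fresh limiter lets through under key_fn."""
    limiter = RateLimiter()
    return sum(1 for req in requests if limiter.allow(key_fn(req)))


if __name__ == "__main__":
    for name, fn in (("vulnerable", key_vulnerable), ("hardened", key_hardened)):
        print(name,
              "header rotation:", simulate(fn, attacker_requests(30, True, False)),
              "email mutation:", simulate(fn, attacker_requests(30, False, True)))
```

With 30 attempts and a limit of 5, the vulnerable key lets all 30 through under either trick, while the hardened key stops at 5 whatever the attacker puts in the header or after the address. The two defensive choices are the ones to look for when you report the bug: trust forwarding headers only from your own proxy and read the hop it appended, and count on the normalised identifier the application actually uses.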
I know there are many more ways to bypass rate limits; please feel free to share them.
I hope you liked it.
Do check out my blog for more write-ups and posts: https://blog.theinfosecguy.me
Find me on LinkedIn : http://linkedin.com/in/keshav-malik/