Bypass Rate Limit Based on Source IP

Mostafa
2 min read · Feb 6, 2021

Rate Limit definition

In computer networks, rate limiting is used to control the rate of requests sent or received by a network interface controller. It can be used to prevent DoS attacks and to limit web scraping.

There are packages you can use to prevent rate-limit attacks; these packages enforce the limit based on the source IP address.

Today I will publish one technique you can use to bypass this kind of protection and earn some bounties.

The first thing you need to do is install and configure Tor as a proxy in Burp.

This is a good reference for installing and configuring Tor as a proxy in Burp.

The good question is why I use this technology to bypass the rate limit.

The answer is that Tor as a proxy lets you change your source IP address after every small number of requests, which is what makes it useful for bypassing a rate limit that is based on the source IP address: each new address starts with a fresh counter.

This technique will help a lot of people bypass rate limits on different URLs and different functions, such as password reset and brute-forcing OTP PINs.

Remediation:

Implement a CAPTCHA on the password-reset flow and validate the CAPTCHA token in the back end.
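The weakness the post relies on is that the limiter's key is the source IP, so every new Tor exit address gets a fresh counter. The following is an added example, not code from the post: a constructed simulation that replays the same OTP-guessing traffic against one account, with the source address rotating every few requests, first through an IP-keyed limiter and then through one keyed on the targeted account. It goes beyond the post's CAPTCHA remediation by showing a second control that a defender can layer with it; the limiter, the IP pool and the account name are all assumptions made for the example.

```python
import time
from collections import defaultdict, deque


class WindowLimiter:
    """Sliding-window limiter: at most `limit` hits per `window` seconds per key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # key -> timestamps of recent hits

    def allow(self, key, now=None):
        now = time.time() if now is None else now
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def key_by_ip(req):
    """The weak key: a rotating source address defeats it."""
    return req["ip"]


def key_by_account(req):
    """The hardened key: counts guesses against the target, whatever the IP."""
    return req["account"]


def simulate(key_fn, attempts=100, rotate_every=5, limit=5, window=60):
    """Constructed scenario: `attempts` OTP guesses against one account, one per
    second, with the source IP changing every `rotate_every` requests (the Tor
    circuit behaviour the post describes). Returns how many guesses got through."""
    limiter = WindowLimiter(limit, window)
    allowed = 0
    for i in range(attempts):
        req = {
            "ip": f"10.0.0.{i // rotate_every}",  # constructed rotating address
            "account": "victim@example.com",      # constructed target account
        }
        if limiter.allow(key_fn(req), now=float(i)):
            allowed += 1
    return allowed


if __name__ == "__main__":
    print("IP-keyed limiter let through:", simulate(key_by_ip))        # 100
    print("account-keyed limiter let through:", simulate(key_by_account))  # 10
```

With five guesses per minute per key, the IP-keyed limiter passes all 100 guesses because no single address ever exceeds its quota, while the account-keyed limiter passes only five per minute regardless of how many addresses the requests arrive from.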

Thanks
