0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [#2865] update

This commit is contained in:
CPol 2021-11-28 11:01:58 +00:00 committed by gitbook-bot
parent 0fc60213dd
commit f8e570f383
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pentesting-web/rate-limit-bypass.md
View File

@ -37,3 +37,6 @@ Try changing the user-agent, the cookies... anything that could be able to ident
If the limit in in the path `/resetpwd`, try BFing that path, and once the rate limit is reached try `/resetpwd?someparam=1`
### Login in your account before each attempt
Maybe if you **login into your account before each attempt** (or each set of X tries), the rate limit is restarted. If you are attacking a login functionality, you can do this in burp using a Pitchfork attack in **setting your credentials every X tries** (and marking follow redirects).