Bypass Rate Limit Request (fuzzing/etc…) With TOR
2023-5-15 02:6:42 Author: infosecwriteups.com(查看原文) 阅读量:99 收藏

Abbas.heybati

InfoSec Write-ups

Hey guys

As I said before in my Write-up, I go directly to the main topic and do not add explanations.
The subject of the article is how we can Bypass Rate Limit Request
which we encountered many times for fuzzing

Step 1
sudo apt install tor

Step 2
Edit Configure Tor

vim /etc/tor/torrc

Edit Configure Tor

SocksPort 9050
SocksPolicy accept *

Step 3
1. Install tmux

sudo apt install tmux

2. Test tor curl

curl --socks5-hostname localhost:9050 https://api.ipify.org/
Test Tor socks5

3. Change IP tor with bash script Infinite loop run(restart tor every 1 seconds)

tmux new -s tor
while true; do pkill -HUP tor; sleep 1; done

Press CTR+B+D

4.Test tor curl again

curl --socks5-hostname localhost:9050 https://api.ipify.org/
Script Loop
Change IP

Step 4

Now we want to make FFUF using the above technique

FFUF -x socks5

My suggestion is to use -t and -rate to give TOR a chance to change the ip

ffuf -w hfuzz.txt -u https://hackerone.com/FUZZ -x socks5://127.0.0.1:9050 -t 5 -rate 5 -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0"
ffuf

And you can use this technique for anything, as another example will show you(nuclei)

nuclei -u https://hackerone.com -p socks5://127.0.0.1:9050
Nclei

You can use this technique for your security tests.
And with some creativity, use this technique for other things as well

https://twitter.com/abbas_heybati


文章来源: https://infosecwriteups.com/bypass-rate-limit-request-fuzzing-etc-with-tor-3a285f3980d2?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh