# Rate-Limit Bypass

## Rate Limit Bypass Techniques

### There are two ways to do this

* Customizing HTTP methods
* Adding headers to spoof the client IP

### 1. Customizing HTTP Methods

* If the request uses GET, try changing it to POST, PUT, etc.
* If you want to bypass the rate limit on an API, try the HEAD method.

### 2. Rate Limit Bypass using Headers

Add one of the following headers directly below the Host header:

```http
X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP

# or send a duplicate X-Forwarded-For header (first one empty)
X-Forwarded-For:
X-Forwarded-For: IP
```

### Adding HTTP Headers to Spoof IP and Evade Detection

* These are the headers I've collected so far to bypass rate limits.

```http
X-Forwarded: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarder-For: 127.0.0.1
X-Forward-For: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
```

### Rate Limit Bypass using Special Characters

* Adding a null byte (`%00`) at the end of the email can sometimes bypass the rate limit.
* Try adding a space character (not URL-encoded) after the email.
* Some common characters that help bypass rate limits: `%0d`, `%2e`, `%09`, `%20`, `%0`, `%00`, `%0d%0a`, `%0a`, `%0C`
* Adding a slash (`/`) at the end of an API endpoint can also bypass the rate limit: `domain.com/v1/login` -> `domain.com/v1/login/`
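To see why the spoofable headers above and the padding characters in this section defeat a weak limiter, here is an added Python example (not from this page or the referenced write-ups): a fixed-window limiter keyed the vulnerable way, trusting the client-supplied X-Forwarded-For, next to a hardened version that only honours the hop appended by an assumed trusted reverse proxy (`10.0.0.2`) and canonicalises the path and email before keying. The request burst is constructed.

```python
import ipaddress
TRUSTED_PROXIES = {"10.0.0.2"}  # assumed address of the app's own reverse proxy

def naive_key(req):
    """Vulnerable: whatever IP the client claims in X-Forwarded-For becomes the bucket key."""
    claimed = req["headers"].get("x-forwarded-for", "").split(",")[0].strip()
    return f'{claimed or req["remote_addr"]}|{req["path"]}|{req["email"]}'

def client_ip(req, trusted=TRUSTED_PROXIES):
    """Rightmost X-Forwarded-For hop not added by a trusted proxy, else the socket peer."""
    peer = req["remote_addr"]
    if peer not in trusted:          # no proxy in front: the header is untrusted noise
        return peer
    hops = [h.strip() for h in req["headers"].get("x-forwarded-for", "").split(",")]
    for hop in reversed(hops):       # the proxy appends, so walk from the right
        if hop and hop not in trusted:
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer          # malformed hop: fall back to the proxy address
    return peer

def hardened_key(req):
    """Derive the IP from the proxy chain and canonicalise path and identifier first."""
    path = req["path"].rstrip("/") or "/"
    ident = "".join(c for c in req["email"] if c.isprintable() and not c.isspace()).lower()
    return f"{client_ip(req)}|{path}|{ident}"

class FixedWindowLimiter:
    def __init__(self, limit, key_fn):
        self.limit, self.key_fn, self.counts = limit, key_fn, {}

    def allow(self, req):
        k = self.key_fn(req)
        self.counts[k] = self.counts.get(k, 0) + 1
        return self.counts[k] <= self.limit

def attempts_allowed(limit, key_fn, n=30):
    """Constructed burst: one client behind the proxy varying the spoofed hop, slash and %00."""
    lim, allowed = FixedWindowLimiter(limit, key_fn), 0
    for i in range(n):
        req = {"remote_addr": "10.0.0.2",
               "headers": {"x-forwarded-for": f"198.51.100.{i}, 203.0.113.7"},
               "path": "/v1/login" + ("/" if i % 2 else ""),
               "email": "victim@example.com" + ("\x00" if i % 3 else "")}
        allowed += lim.allow(req)
    return allowed
```

With a limit of 10, the naive key lets all 30 attempts through while the hardened key stops after 10.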

### Using IP Rotate Burp Extension

* Try changing the User-Agent, the cookies... anything that could identify you.
* If they limit to 10 tries per IP, change the IP in the header every 10 tries, and change other headers as well.
* Burp Suite's IP Rotate extension works well in many cases. Make sure you have Jython installed.
* Here you'll find everything you need - <https://github.com/PortSwigger/ip-rotate>

### You can find some more here - [Check this out](https://medium.com/bugbountywriteup/bypassing-rate-limit-like-a-pro-5f3e40250d3c)

### You can find more, with screenshots, here - <https://medium.com/@huzaifa_tahir/methods-to-bypass-rate-limit-5185e6c67ecd>

## Reference

* <https://twitter.com/m4ll0k2/status/1294983599943540738/photo/1>
* <https://twitter.com/SalahHasoneh1/status/1287366496432332800>
* <https://twitter.com/SMHTahsin33/status/1295054667613757441> (all-in-one, must check)

## Authors

* [Keshav Malik](https://www.linkedin.com/in/keshav-malik-22478014a)
* [0xd3vil](https://linkedin.com/in/0xd3vil)
* [Virdoex_hunter](https://twitter.com/Virdoex_hunter)
* [@0xCyberPirate](https://twitter.com/0xCyberPirate)
