如果请求GET 尝试将其更改为POST、PUT 等,
如果你想绕过 API 的请求限制,尝试HEAD方法。
X-Forwarded: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarder-For: 127.0.0.1
X-Forward-For: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
或者使用两个或以上参数
X-Forwarded-For:
X-Forwarded-For: IP
https://blog.csdn.net/weixin_50464560/article/details/120351881
https://github.com/PortSwigger/turbo-intruder/releases/download/1.0.12/turbo-intruder-all.jar
https://www.cyberick.com/post/tricks-to-bypass-rate-limiting-on-login-page-bug-bounty-tipshttps://github.com/KathanP19/HowToHunt/blob/master/Rate_limit/RateLimitBypass.md
https://heresecurity.gitbook.io
https://www.heresecurity.wiki
https://github.com/xiaoy-sec/Pentest_Note
「spaces_KWBryqLddJpkYU3sl...ef5c1a189_export.pdf」https://www.aliyundrive.com/s/FHHsdHopdS9 提取码: 49bw 点击链接保存,或者复制本段内容,打开「阿里云盘」APP ,无需下载极速在线查看,视频原画倍速播放。
好文推荐