Hey guys

As I said before in my Write-up, I go directly to the main topic and do not add explanations.
The subject of the article is how we can Bypass Rate Limit Request
which we encountered many times for fuzzing

Step 1
sudo apt install tor

Step 2
Edit Configure Tor

vim /etc/tor/torrc

SocksPort 9050
SocksPolicy accept *

Step 3
1. Install tmux

sudo apt install tmux

2. Test tor curl

curl --socks5-hostname localhost:9050 https://api.ipify.org/

3. Change IP tor with bash script Infinite loop run(restart tor every 1 seconds)

tmux new -s tor
while true; do pkill -HUP tor; sleep 1; done

Press CTR+B+D

4.Test tor curl again

curl --socks5-hostname localhost:9050 https://api.ipify.org/

Step 4

Now we want to make FFUF using the above technique

My suggestion is to use -t and -rate to give TOR a chance to change the ip

ffuf -w hfuzz.txt -u https://hackerone.com/FUZZ -x socks5://127.0.0.1:9050 -t 5 -rate 5 -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0"

And you can use this technique for anything, as another example will show you(nuclei)

nuclei -u https://hackerone.com -p socks5://127.0.0.1:9050

You can use this technique for your security tests.
And with some creativity, use this technique for other things as well

https://twitter.com/abbas_heybati