Hey guys
As I said before in my Write-up, I go directly to the main topic and do not add explanations.
The subject of the article is how we can Bypass Rate Limit Request
which we encountered many times for fuzzing
Step 1
sudo apt install tor
Step 2
Edit Configure Tor
vim /etc/tor/torrc
SocksPort 9050
SocksPolicy accept *
Step 3
1. Install tmux
sudo apt install tmux
2. Test tor curl
curl --socks5-hostname localhost:9050 https://api.ipify.org/
3. Change IP tor with bash script Infinite loop run(restart tor every 1 seconds)
tmux new -s tor
while true; do pkill -HUP tor; sleep 1; done
Press CTR+B+D
4.Test tor curl again
curl --socks5-hostname localhost:9050 https://api.ipify.org/
Step 4
Now we want to make FFUF using the above technique
My suggestion is to use -t and -rate to give TOR a chance to change the ip
ffuf -w hfuzz.txt -u https://hackerone.com/FUZZ -x socks5://127.0.0.1:9050 -t 5 -rate 5 -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0"
And you can use this technique for anything, as another example will show you(nuclei)
nuclei -u https://hackerone.com -p socks5://127.0.0.1:9050
You can use this technique for your security tests.
And with some creativity, use this technique for other things as well