Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities

  • Perform add collaborator request.
  • Send normal request to www.target.com.
  • Perform remove collaborator request.
  • Keep burp proxy running and Perform add collaborator and remove collaborator and navigate to your account.
Collaboration Settings
  • In burp, navigate to Project Options -> Under Session Handling Rules click Add -> In Rule Actions click Add then choose Run a Macro.
  • Under Select Macro click Add -> Burp requests history will open, now choose the three requests in order: Add collaborator — Request to profile account — Remove collaborator. Click Ok and then click Test macro and see that a notification is sent to the target email inbox.
Launching Macro Attack
  • You can try Test macro many times and every time you try it, a notification will be sent to the mail inbox.
Notifications sent to victim inbox

--

--

--

Cyber Security Specialist | Hacker | Founder & CTO at Cybit Sec

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Interview with M Waleed Kadous: A Privacy-First, Open-Source Approach to Contact Tracing

A No0bs guide to Cyber Warfare and Blogs

{UPDATE} Ding Dong XL Hack Free Resources Generator

Ensuring protocol security with Immunefi bug bounty program

Fortinet Launches New Security Awareness & Training Service

Is your Security Pro giving you the full CIA treatment?

{UPDATE} Hello Emoji Hack Free Resources Generator

Google applications, unable to access services temporarily (14/12/2020)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ahmad Halabi

Ahmad Halabi

Cyber Security Specialist | Hacker | Founder & CTO at Cybit Sec

More from Medium

Cross-site scripting (XSS) by example

Shibboleth — HackTheBox — Writeup — Web App Penetration Testing (Web App Hacking)

The Story Of How I Bypass MAC Filter

Network Services