Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities

  • Perform the add collaborator request.
  • Send a normal request to www.target.com.
  • Perform the remove collaborator request.
  • Keep Burp Proxy running while you perform the add collaborator and remove collaborator requests and navigate to your account.
Collaboration Settings
  • In Burp, navigate to Project Options -> under Session Handling Rules click Add -> in Rule Actions click Add, then choose Run a Macro.
  • Under Select Macro click Add -> Burp's request history will open. Choose the three requests in order: Add collaborator, Request to profile account, Remove collaborator. Click OK, then click Test macro and see that a notification is sent to the target email inbox.
Launching Macro Attack
  • You can run Test macro many times, and each time you run it a notification will be sent to the mail inbox.
Notifications sent to victim inbox
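
A server-side control that closes this gap, as an added example that is not from the original post: cap notification emails per recipient and keep that counter when the collaborator is removed, so the add/remove cycle cannot reset it. The class names, the limit of 3 emails per hour and the address are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class InviteNotificationThrottle:
    """Sliding-window cap on invitation emails per recipient address."""

    def __init__(self, max_emails=3, window_seconds=3600, clock=time.monotonic):
        self.max_emails = max_emails
        self.window = window_seconds
        self.clock = clock
        self._sent = defaultdict(deque)  # recipient -> send timestamps

    def allow_email(self, recipient):
        now = self.clock()
        sent = self._sent[recipient.strip().lower()]
        while sent and now - sent[0] >= self.window:
            sent.popleft()  # forget sends older than the window
        if len(sent) >= self.max_emails:
            return False
        sent.append(now)
        return True

class Project:
    """Hypothetical stand-in for the application's collaboration feature."""

    def __init__(self, throttle):
        self.collaborators = set()
        self.throttle = throttle
        self.outbox = []  # emails that would really be sent

    def add_collaborator(self, email):
        self.collaborators.add(email)
        if self.throttle.allow_email(email):
            self.outbox.append(email)

    def remove_collaborator(self, email):
        # Removal must NOT clear throttle state, or add/remove resets the limit.
        self.collaborators.discard(email)

def simulate_cycles(cycles, max_emails=3, seconds_between=1.0):
    """Replay the add/remove loop with a fake clock; return emails sent."""
    now = [0.0]
    project = Project(InviteNotificationThrottle(max_emails, 3600, lambda: now[0]))
    for _ in range(cycles):
        project.add_collaborator("victim@example.test")  # constructed address
        project.remove_collaborator("victim@example.test")
        now[0] += seconds_between
    return len(project.outbox)
```

The design point is that the limit is tied to the side effect (an email reaching a recipient) rather than to the collaborator record, which the requester can create and delete at will.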

Cyber Security Specialist | Hacker | Founder & CTO at Cybit Sec

Ahmad Halabi