1
00:00:01,590 --> 00:00:03,030
Hello everyone.
2
00:00:03,030 --> 00:00:07,870
So in this video we are going to see how we can achieve a no-rate-limit protection bypass.
3
00:00:07,890 --> 00:00:09,380
Number two.
4
00:00:09,570 --> 00:00:21,300
So in this video we will see how we can bypass no rate limit using the X-Forwarded-Host header in any request.
5
00:00:21,300 --> 00:00:29,700
So for this we are going to see a report right now, to understand this better, about bypassing rate limit
6
00:00:29,700 --> 00:00:33,710
protection by spoofing the originating IP.
7
00:00:34,200 --> 00:00:38,150
So let's see what the user was able to do.
8
00:00:38,520 --> 00:00:45,540
The first screenshot: "They blocked my IP." As you can see, this user was performing an action in which there
9
00:00:45,540 --> 00:00:53,820
is a WAF which is blocking, as you can see, with 403 Forbidden. Now trying host header injection, which means
10
00:00:53,910 --> 00:01:02,190
modifying the Host from www.example.com to www.xyz.com,
11
00:01:02,190 --> 00:01:07,320
adding X-Forwarded-Host: hacker.com, but still no success.
12
00:01:07,320 --> 00:01:14,140
Now trying the X-Forwarded-For option to spoof the originating IP address.
13
00:01:14,190 --> 00:01:22,360
So we are going to give a random IP address in X-Forwarded-For; still no success.
14
00:01:22,470 --> 00:01:31,770
Now trying with the X-Forwarded-For IP header in the request twice, two times instead of one, and
15
00:01:31,770 --> 00:01:37,830
you can see we were successfully able to bypass this no-rate-limit protection because the application
16
00:01:37,830 --> 00:01:40,740
is giving 200 OK right now.
17
00:01:40,860 --> 00:01:49,460
So what is the lesson learned? The lesson learned is that you can bypass no rate limit by applying or
18
00:01:49,470 --> 00:01:58,950
adding a header like X-Forwarded-For or X-Forwarded-Host in the request.
19
00:01:58,950 --> 00:02:06,660
So let's get back to the presentation and let us bypass no rate limit by adding some specific headers.
20
00:02:07,530 --> 00:02:14,070
So you can add headers with the request like X-Originating-IP, and you can give any random IP; X-
21
00:02:14,070 --> 00:02:22,290
Forwarded-For, which we already saw in the report; X-Remote-IP, X-Remote-Addr, X-Client-IP, X-Host and
22
00:02:22,380 --> 00:02:29,670
X-Forwarded-Host. We already saw X-Forwarded-Host and X-Forwarded-For, through which the user was able to bypass
23
00:02:29,670 --> 00:02:30,760
the no rate limit.
24
00:02:31,710 --> 00:02:39,840
So this is one of the ways, bypass number two, in which you can bypass the no-rate-limit protection.
25
00:02:43,010 --> 00:02:49,700
So the first one we understood, and we understood the second one also; third is X-Remote-IP, X-Remote-Addr, X-Client-
26
00:02:49,700 --> 00:02:54,980
IP, X-Host and X-Forwarded-Host. So, practical time.
27
00:02:55,130 --> 00:03:00,400
So let's see what we can achieve through this.
28
00:03:01,070 --> 00:03:06,970
And I have written a small script to explain this to you guys.
29
00:03:06,980 --> 00:03:09,770
So let me just open the script.
30
00:03:09,780 --> 00:03:11,300
nano check.py
31
00:03:11,930 --> 00:03:20,480
So this is a Python script which basically adds these headers, the headers that we went through in the
32
00:03:20,480 --> 00:03:26,020
slide, and sends the request to the specific target you want to send it to.
33
00:03:26,300 --> 00:03:26,850
Okay.
34
00:03:27,050 --> 00:03:34,700
So you have to use it like this: python check.py, the domain name,
35
00:03:34,730 --> 00:03:36,030
http or https.
36
00:03:36,080 --> 00:03:37,380
And you have to send the request.
37
00:03:37,400 --> 00:03:39,360
So let's see how to use this.
38
00:03:39,410 --> 00:03:48,410
I already ran it a couple of times, so you can see from here: python check.py www.udemy.com
39
00:03:48,410 --> 00:03:55,280
https. As you can see, for the first header we added the status code was 200 and the response size was this.
40
00:03:55,310 --> 00:04:03,920
This is nothing but the response length. X-Forwarded-Host: the response changed. X-Remote-IP: the length changed;
41
00:04:04,250 --> 00:04:12,140
X-Remote-Addr: the length changed; X-Client-IP: the length remains the same; X-Host: the length changed; X-Forwarded-Host:
42
00:04:12,710 --> 00:04:15,020
the length remains the same; X... this one and this one.
43
00:04:15,560 --> 00:04:22,820
So basically in this we can see that the application, that is udemy.com, behaves in a different manner
44
00:04:23,020 --> 00:04:26,970
when different headers are sent.
45
00:04:27,050 --> 00:04:33,950
So yeah, we can try for no rate limit by adding a new header each time, as we can see there is some change
46
00:04:34,010 --> 00:04:36,110
in the response.
47
00:04:36,110 --> 00:04:39,380
Similarly I tried on Instagram, and on Instagram
48
00:04:39,380 --> 00:04:44,300
also we were able to see changes in the response by adding new headers.
49
00:04:45,380 --> 00:04:52,310
Similarly I tried on NoBroker, but this time the response was the same for everything because they are not
50
00:04:52,310 --> 00:04:59,270
parsing anything like this, and no rate limit is fixed on their website and cannot be bypassed
51
00:04:59,330 --> 00:05:00,480
anymore.
52
00:05:00,830 --> 00:05:05,250
99acres is still the same; Tinder.com is still the same.
53
00:05:05,250 --> 00:05:13,910
We are not able to perform the no-rate-limit bypass by adding any of these headers. I will attach this
54
00:05:13,910 --> 00:05:18,820
code in the description and you guys can utilize this for your testing.
55
00:05:18,830 --> 00:05:20,000
I hope you guys understood.
56
00:05:20,150 --> 00:05:20,990
Thank you so much.
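Added example, not the video's check.py (that script is not shown on this page) and not code from any of the sites named above. It models why the header trick in the video works at all: a toy rate limiter that keys requests on a client-supplied X-Forwarded-For value can be reset on every request simply by changing that value, while one keyed on the TCP peer address (and only honouring X-Forwarded-For behind a proxy the operator runs) cannot. It also reproduces the per-header probe the video's script performs, including sending X-Forwarded-For twice as in the report. All IP addresses, the trusted-proxy list and the fake send function are constructed for illustration; nothing here touches the network.

```python
"""Added example: a toy rate limiter keyed on an attacker-controlled IP
header beside one keyed on the transport peer, exercised with the header
variants the video lists. All addresses are constructed; no network I/O."""
from collections import defaultdict

# Header names the video lists as worth trying; the values are attacker-chosen.
IP_HEADERS = [
    "X-Originating-IP",
    "X-Forwarded-For",
    "X-Remote-IP",
    "X-Remote-Addr",
    "X-Client-IP",
    "X-Host",
    "X-Forwarded-Host",
]


def build_variants(spoof_ip="203.0.113.5"):
    """Return (label, headers) pairs: a baseline, one per header, and the
    doubled X-Forwarded-For case from the report. Headers are (name, value)
    lists rather than dicts so the same header can be sent twice."""
    variants = [("baseline", [])]
    for name in IP_HEADERS:
        variants.append((name, [(name, spoof_ip)]))
    variants.append(("X-Forwarded-For x2",
                     [("X-Forwarded-For", spoof_ip),
                      ("X-Forwarded-For", spoof_ip)]))
    return variants


def first_header(headers, name):
    """Value of the first header called `name` (case-insensitive), or None."""
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


class RateLimiter:
    """Allows `limit` requests per key; `key_fn` decides what the key is."""

    def __init__(self, limit, key_fn):
        self.limit = limit
        self.key_fn = key_fn
        self.counts = defaultdict(int)

    def handle(self, peer_ip, headers):
        key = self.key_fn(peer_ip, headers)
        self.counts[key] += 1
        return 200 if self.counts[key] <= self.limit else 429


# Vulnerable: keys on whatever the client put in X-Forwarded-For, so every
# request can claim a fresh identity and the counter never fills up.
def naive_key(peer_ip, headers):
    return first_header(headers, "X-Forwarded-For") or peer_ip


# Hardened: ignore X-Forwarded-For unless the TCP peer is a proxy we operate
# (constructed address), and then use the entry that proxy appended, the
# rightmost one, never the attacker-controlled leftmost one.
TRUSTED_PROXIES = {"10.0.0.2"}


def hardened_key(peer_ip, headers):
    if peer_ip not in TRUSTED_PROXIES:
        return peer_ip
    xff = first_header(headers, "X-Forwarded-For")
    if not xff:
        return peer_ip
    return xff.split(",")[-1].strip()


def make_fake_send(limiter, peer_ip="198.51.100.7"):
    """Stand-in for an HTTP client: one request from a fixed peer against a
    server fronted by `limiter`, returning (status, body)."""
    def send(headers):
        status = limiter.handle(peer_ip, headers)
        body = b"OK" if status == 200 else b"Too Many Requests"
        return status, body
    return send


def probe(send, variants):
    """What the video's script does: send each variant once and record the
    status code and body length so changes against the baseline stand out."""
    results = {}
    for label, headers in variants:
        status, body = send(headers)
        results[label] = (status, len(body))
    return results


def run_attack(limiter, attempts, peer_ip="198.51.100.7"):
    """Fire `attempts` requests from one peer, rotating the spoofed address
    each time; returns how many were answered 200."""
    ok = 0
    for i in range(attempts):
        headers = [("X-Forwarded-For", f"203.0.113.{i}")]
        if limiter.handle(peer_ip, headers) == 200:
            ok += 1
    return ok


if __name__ == "__main__":
    for name, key_fn in (("naive", naive_key), ("hardened", hardened_key)):
        print(name, run_attack(RateLimiter(3, key_fn), 10), "of 10 got through")
    for label, (status, size) in probe(make_fake_send(RateLimiter(1, naive_key)),
                                       build_variants()).items():
        print(f"{label:20} {status} {size}")
```

Against the naive limiter, all ten rotated requests get 200; against the hardened one only the first three do. The probe table is the same view the video's script prints: a variant whose header the server actually parses comes back with a different status or length than the baseline, which is the signal to look for before spending time on a bypass.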