Rate Limit Bypass Using Response Manipulation.

Aman H
2 min read · 3 days ago


Let’s Get into the Findings

Introduction

Rate limiting is a security mechanism that controls the number of requests a user can make to a web application within a specified timeframe. It helps prevent abuse, such as API misuse or excessive data downloads. While testing a crypto trading platform, I discovered a rate limit bypass vulnerability in the trade file download feature.

Discovery

While testing the platform, I noticed a feature allowing users to download a CSV file containing trade data such as buy and sell transactions. The file, named “trade file,” was available for download but had a strict limit on the number of allowed downloads. After exceeding this limit, the system said, “You have exceeded the limit.”

Steps to Bypass Rate Limit

Trigger the rate limit by downloading the trade file repeatedly until the platform shows “You have exceeded the limit.”

  1. Open Burp Suite and enable interception, including interception of responses (in the Proxy settings, or via “Do intercept → Response to this request” on the intercepted request).
  2. Initiate another download request to trigger the blocked response.
  3. Intercept the download request in Burp Suite and forward it to the server.
  4. When Burp holds the server’s response, view it in the Intercept tab.
  5. Change the HTTP response status line from 429 Too Many Requests to 200 OK, leaving the headers and body as they are.
  6. Forward the modified response to the browser.
  7. Verify that the trade file download completes. Before reporting, confirm that the CSV data was actually present in the body of the 429 response: if the server withheld the file, changing the status code only changes what your browser displays, and there is nothing to report.
  8. Repeat the same steps to download the file as many times as you like, past the download limit.

“That’s the rate limit bypass. The same technique applies to other rate-limited features, such as password reset, email verification, and newsletter sign-up, whenever the server still performs the action or includes the data and only signals the limit through the response status, leaving the enforcement to the client.”
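To make the steps above and the caveat concrete, here is an added simulation that is not part of the original post and not the trading platform’s or Burp’s code. It models a toy server with a per-user download counter in two variants (one that answers 429 but still ships the CSV, one that withholds the body), a client that saves the file only on a 200, and a proxy_rewrite() that does exactly what editing the status line in Burp’s Response tab does. The CSV content, the user name, the limit, and every function name are invented for the example.

```python
"""Simulation of the 429 -> 200 response rewrite (added illustration)."""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample data standing in for the "trade file" CSV.
TRADE_CSV = b"time,side,qty,price\n2024-01-01T00:00:00Z,buy,1.5,42000\n"
DOWNLOAD_LIMIT = 3  # invented limit for the example
REASONS = {200: b"OK", 429: b"Too Many Requests"}


def build_response(status: int, body: bytes) -> bytes:
    """Serialize a minimal HTTP/1.1 response the way a proxy sees it."""
    head = b"\r\n".join([
        b"HTTP/1.1 %d %s" % (status, REASONS[status]),
        b"Content-Type: text/csv",
        b"Content-Length: %d" % len(body),
    ])
    return head + b"\r\n\r\n" + body


def parse_response(raw: bytes) -> tuple[int, bytes]:
    """Split a raw response into (status code, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return int(head.split(b" ", 2)[1]), body


def proxy_rewrite(raw: bytes, new_status: int = 200) -> bytes:
    """Step 5 of the post: change only the status line, keep headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    lines[0] = b"HTTP/1.1 %d %s" % (new_status, REASONS[new_status])
    return b"\r\n".join(lines) + sep + body


@dataclass
class Server:
    """Two ways of enforcing the download limit (hypothetical server).

    leaky=True  is the pattern the write-up implies: the server answers 429
                but still ships the CSV, so the limit is really enforced by
                whatever the client does with the status code.
    leaky=False is the fix: over the limit the body is empty, so a rewritten
                status line only gets the client a 200 with nothing in it.
    """
    leaky: bool
    downloads: dict[str, int] = field(default_factory=dict)

    def get_trade_file(self, user: str) -> bytes:
        n = self.downloads.get(user, 0) + 1
        self.downloads[user] = n
        if n > DOWNLOAD_LIMIT:
            return build_response(429, TRADE_CSV if self.leaky else b"")
        return build_response(200, TRADE_CSV)


def client_download(raw: bytes) -> bytes | None:
    """A client that saves the file only when the status says 200."""
    status, body = parse_response(raw)
    return body if status == 200 and body else None


def body_leaks_past_limit(raw: bytes) -> bool:
    """The check to make before reporting: does the 429 still carry the data?"""
    status, body = parse_response(raw)
    return status == 429 and len(body) > 0


def run_bypass(leaky: bool, user: str = "alice") -> dict:
    """Exhaust the limit, then replay one blocked download through the rewrite."""
    srv = Server(leaky=leaky)
    for _ in range(DOWNLOAD_LIMIT):
        assert client_download(srv.get_trade_file(user)) == TRADE_CSV
    blocked = srv.get_trade_file(user)
    return {
        "honest_client_gets_file": client_download(blocked) is not None,
        "server_leaks_body": body_leaks_past_limit(blocked),
        "rewrite_gets_file": client_download(proxy_rewrite(blocked)) == TRADE_CSV,
    }


if __name__ == "__main__":
    for leaky in (True, False):
        print("leaky server" if leaky else "fixed server", run_bypass(leaky))
```

Running it shows the two outcomes side by side: against the leaky server the honest client is blocked, body_leaks_past_limit() is true, and the rewritten response hands the client the CSV; against the fixed server the rewrite still produces a 200, but the body is empty and the client gets nothing. The second case is what step 7 is guarding against, since a 200 with no data is not a bypass.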

Thank You :)
