admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Markdown Fix Lint

Browse Source
This commit is contained in:
Swissky
2025-10-05 18:54:42 +02:00
parent 0dc0978853
commit d49faf9874
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Brute Force Rate Limit/README.md
View File

@@ -30,6 +30,7 @@ Countermeasures like rate limiting, account lockout policies, CAPTCHA, and stron
### Burp Suite Intruder ### Burp Suite Intruder
* **Sniper attack**: target a single position (one variable) while cycling through one payload set. * **Sniper attack**: target a single position (one variable) while cycling through one payload set.
```ps1 ```ps1
Username: password Username: password
@@ -99,9 +100,9 @@ JA3 is a method for fingerprinting TLS clients (and JA3S for TLS servers) by has
**Countermeasures:** **Countermeasures:**
- Use browser-driven automation (Puppeteer / Playwright) * Use browser-driven automation (Puppeteer / Playwright)
- Spoof TLS handshakes with [lwthiker/curl-impersonate](https://github.com/lwthiker/curl-impersonate) * Spoof TLS handshakes with [lwthiker/curl-impersonate](https://github.com/lwthiker/curl-impersonate)
- JA3 randomization plugins for browsers/libraries * JA3 randomization plugins for browsers/libraries
### Network IPv4 ### Network IPv4
@@ -137,7 +138,6 @@ proxychains ffuf -w wordlist.txt -u https://target.tld/FUZZ
Many cloud providers, such as Vultr, offer /64 IPv6 ranges, which provide a vast number of addresses (18 446 744 073 709 551 616). This allows for extensive IP rotation during brute-force attacks. Many cloud providers, such as Vultr, offer /64 IPv6 ranges, which provide a vast number of addresses (18 446 744 073 709 551 616). This allows for extensive IP rotation during brute-force attacks.
## References ## References
* [Bruteforcing the phone number of any Google user - brutecat - June 9, 2025](https://brutecat.com/articles/leaking-google-phones) * [Bruteforcing the phone number of any Google user - brutecat - June 9, 2025](https://brutecat.com/articles/leaking-google-phones)