gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 15:49:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

Markdown Fix Lint

Browse Source
This commit is contained in:
Swissky
2025-10-05 18:54:42 +02:00
parent 0dc0978853
commit d49faf9874
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Brute Force Rate Limit/README.md
View File

@@ -30,6 +30,7 @@ Countermeasures like rate limiting, account lockout policies, CAPTCHA, and stron
### Burp Suite Intruder
* **Sniper attack**: target a single position (one variable) while cycling through one payload set.
```ps1
Username: password
@@ -99,9 +100,9 @@ JA3 is a method for fingerprinting TLS clients (and JA3S for TLS servers) by has
**Countermeasures:**
- Use browser-driven automation (Puppeteer / Playwright)
- Spoof TLS handshakes with [lwthiker/curl-impersonate](https://github.com/lwthiker/curl-impersonate)
- JA3 randomization plugins for browsers/libraries
* Use browser-driven automation (Puppeteer / Playwright)
* Spoof TLS handshakes with [lwthiker/curl-impersonate](https://github.com/lwthiker/curl-impersonate)
* JA3 randomization plugins for browsers/libraries
### Network IPv4
@@ -137,7 +138,6 @@ proxychains ffuf -w wordlist.txt -u https://target.tld/FUZZ
Many cloud providers, such as Vultr, offer /64 IPv6 ranges, which provide a vast number of addresses (18 446 744 073 709 551 616). This allows for extensive IP rotation during brute-force attacks.
## References
* [Bruteforcing the phone number of any Google user - brutecat - June 9, 2025](https://brutecat.com/articles/leaking-google-phones)