© All rights reserved. Cyber Struggle 2022

Ratelimit Bypass Tool: Whitepass

By cyberstruggle in Announcements, Articles, Delta Group

Cyber Struggle Delta Team has developed a tool to bypass whitelist/rate-limit implementations in web applications and APIs.

Main Features

  • Parse requests from Burp Suite
  • Customize the request
  • Add additional headers
  • Add additional payloads
  • Add known IP addresses for the target

How it works

Whitepass fuzzes the target with additional HTTP headers. Unlike other tools, which use X-Originating-IP or X-Forwarded-For, Whitepass uses more than 70 different HTTP headers with a large set of payloads to try to bypass different implementations of whitelist/rate-limit solutions and functions. The headers and payloads are based on known methods and techniques that developers and web servers use to implement whitelist/rate-limit solutions. This project was part of the DeltaGroup internal tools used in our engagements.

# Python 3.6+ required
python3 whitepass.py -r burp_saved_request
# Test HTTP POST
python3 whitepass.py -u https://api.company.com/v1/api/login -m post --data "username=test&password=test"
# Simple HTTP GET
python3 whitepass.py -u https://api.company.com/v1/api/login
# List of endpoints
python3 whitepass.py -l list.txt
# For more options
python3 whitepass.py --help

You can reach the project from our GitHub repo.
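The weakness described under "How it works" comes down to which value the server uses as the client identity. The following is an added example, not code from Whitepass or from Cyber Struggle: it puts a rate-limit key function that believes client-supplied IP headers next to one that only honours X-Forwarded-For from a trusted proxy. The proxy network, function names and sample addresses are assumptions constructed for the illustration.

```python
import ipaddress

# Assumption: networks of the reverse proxies in front of the app (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def naive_client_key(peer_ip, headers):
    """Weak: believes any client-supplied IP header, so the key is attacker-chosen."""
    for name in ("X-Forwarded-For", "X-Originating-IP"):
        if name in headers:
            return headers[name].split(",")[0].strip()
    return peer_ip

def _trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed values are never trusted
    return any(addr in net for net in TRUSTED_PROXIES)

def hardened_client_key(peer_ip, headers):
    """Key on the TCP peer unless it is a trusted proxy; then take the
    right-most X-Forwarded-For hop that is not itself a trusted proxy."""
    if not _trusted(peer_ip):
        return peer_ip  # direct connection: ignore every forwarding header
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        if _trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: fall back to the proxy address
    return peer_ip

class RateLimiter:
    """Plain per-key counter; window expiry is left out to keep the focus on the key."""
    def __init__(self, key_func, limit):
        self.key_func, self.limit, self.hits = key_func, limit, {}

    def allow(self, peer_ip, headers):
        key = self.key_func(peer_ip, headers)
        self.hits[key] = self.hits.get(key, 0) + 1
        return self.hits[key] <= self.limit

def allowed_count(key_func, peer_ip, requests=10, limit=3):
    """One peer sends `requests` requests, each with a different header value."""
    limiter = RateLimiter(key_func, limit)
    return sum(limiter.allow(peer_ip, {"X-Forwarded-For": f"203.0.113.{i}"})
               for i in range(requests))
```

With the naive key every request lands in a fresh bucket, while the hardened key keeps all of them in the bucket of the connecting peer; the same rule applies to any other IP-bearing header the application reads.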
