
Ratelimit Bypass Tool: Whitepass

By cyberstruggle in Announcements, Articles, Delta Group

Cyber Struggle Delta Team has developed a tool to bypass whitelist/rate-limit implementations in web applications and APIs.

Main Features

  • Parse requests saved from Burp Suite
  • Customize the request
  • Add additional headers
  • Add additional payloads
  • Add known IP addresses for the target

How it works

Whitepass fuzzes the target with additional HTTP headers. Unlike other tools, which use X-Originating-IP or X-Forwarded-For, Whitepass uses more than 70 different HTTP headers with a large set of payloads to try to bypass different implementations of whitelist/rate-limit solutions and functions, based on known methods and techniques that developers and web servers use to implement them. This project was part of DeltaGroup's internal tools, which are used in our engagements.

#python3.6+ required
python3 whitepass.py -r burp_saved_request
#Test HTTP-Post
python3 whitepass.py -u https://api.company.com/v1/api/login -m post --data "username=test&password=test"
#Simple HTTP-GET
python3 whitepass.py -u https://api.company.com/v1/api/login
#List of endpoints
python3 whitepass.py -l list.txt
#For more usage options
python3 whitepass.py --help

You can reach the project from our GitHub repo.
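
For the server side of what "How it works" describes, the following added example (not part of Whitepass or of the original post) contrasts a rate-limit key taken from client-supplied headers with one taken from the connection itself. The function names, the trusted proxy range and the sample addresses are assumptions constructed for illustration, and header lookup is by exact name for brevity.

```python
import ipaddress

# Assumption: the only hosts allowed to set X-Forwarded-For (constructed range).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Headers a weak implementation trusts; both are named in the post.
SPOOFABLE = ("X-Originating-IP", "X-Forwarded-For")


def _is_trusted(addr):
    """True only for a well-formed address inside a trusted proxy range."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(peer_addr, headers):
    """Weak pattern: the first client-supplied header value wins."""
    for name in SPOOFABLE:
        value = headers.get(name)
        if value:
            return value.split(",")[0].strip()
    return peer_addr


def hardened_client_ip(peer_addr, headers):
    """Use the TCP peer unless it is one of our proxies. In that case walk
    X-Forwarded-For right to left and stop at the first hop that is not a
    trusted proxy. Every other header is ignored."""
    if not _is_trusted(peer_addr):
        return peer_addr
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer_addr  # malformed hop: key on the proxy address
    return peer_addr
```

Whatever value `hardened_client_ip` returns is what the rate limiter or allowlist should key on; a request whose header-derived address differs from it is also a useful detection signal to log.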
