performing-api-rate-limiting-bypass
Community
Detect and remediate API rate limit bypasses.
Category: Software Engineering
Tags: automation, api-security, rate-limiting, brute-force, throttling, header-spoofing, dos-testing
Author: Acczdy
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Identifies and validates weaknesses in API rate limiting and throttling controls that attackers can exploit to perform brute force, credential stuffing, or denial-of-service attacks by bypassing enforcement mechanisms.
Core Features & Use Cases
- Header Spoofing Tests: Rotate and inject common proxy headers (X-Forwarded-For, X-Real-IP, CF-Connecting-IP, Forwarded) to check if rate limits rely on client-supplied values.
- Path, Method & Encoding Variations: Probe endpoint normalization, method-specific limits, and encoding tricks (null bytes, trailing slashes, case changes) to discover inconsistent enforcement.
- Distributed & Account Rotation: Simulate concurrent and distributed request patterns and identifier rotations to evaluate per-IP vs per-account protections.
- Use Case: Security testers can run a targeted assessment against authentication and sensitive endpoints to produce findings and remediation guidance for OWASP API4:2023 Unrestricted Resource Consumption.
Quick Start
Run the included agent against the target API endpoint with written authorization and enable header, method, and path tests to discover bypasses.
Dependency Matrix
Required Modules
requests
Components
scripts, references
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: performing-api-rate-limiting-bypass
Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#performing-api-rate-limiting-bypass
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.