Q: What is throttling?
Ans: When a client sends a large number of requests to a web server, the server starts blocking that client's requests once a particular number of requests has been exceeded. This blocking of a client that sends too many requests is called throttling.
Q: How to bypass it to perform the DoS?
Ans: If the server throttles requests based on the user's IP address after a certain number of repeated requests, and it reads that address from the X-Forwarded-For header without checking who sent the header, an attacker can bypass the throttling completely by adding an X-Forwarded-For header, rendering the security measure ineffective against DoS attacks.
Q: How to do it practically?
Ans: Send a large number of requests until the throttled message is received.
Send another request with an added X-Forwarded-For header: 127.0.0.1
The web server will respond with a successful message instead of a throttled response.
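To show why the bypass works and how to fix it, here is an added example (not code from the original post): a minimal per-IP rate limiter run twice, once with a client-IP lookup that trusts X-Forwarded-For from anyone, and once with a lookup that only honours the header when the TCP peer is a known proxy. The trusted-proxy range, the request limit and the client addresses are constructed values for the demonstration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Proxies whose X-Forwarded-For values may be trusted (assumed, constructed
# value for this example; a real deployment lists its own load balancers).
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]
LIMIT = 5  # requests allowed per client before the server throttles (assumed)


def naive_client_ip(peer_ip, headers):
    """Vulnerable: trusts X-Forwarded-For from any peer, so the client picks its own key."""
    return headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()


def hardened_client_ip(peer_ip, headers):
    """Only honour X-Forwarded-For when the TCP peer is a trusted proxy;
    from any other peer the header is attacker-controlled and is ignored."""
    if any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        xff = headers.get("X-Forwarded-For")
        if xff:
            # The rightmost value is the one appended by our own proxy.
            return xff.split(",")[-1].strip()
    return peer_ip


class RateLimiter:
    def __init__(self, resolve):
        self.resolve = resolve          # function mapping a request to a client key
        self.counts = defaultdict(int)  # requests seen per client key

    def handle(self, peer_ip, headers=None):
        key = self.resolve(peer_ip, headers or {})
        self.counts[key] += 1
        return 429 if self.counts[key] > LIMIT else 200


def simulate(resolve):
    """Replays the steps from the post: flood until throttled, then send one
    request carrying a spoofed X-Forwarded-For. Returns both status codes."""
    limiter = RateLimiter(resolve)
    attacker = "203.0.113.7"  # constructed client address (TEST-NET-3)
    for _ in range(LIMIT + 1):
        throttled = limiter.handle(attacker)
    spoofed = limiter.handle(attacker, {"X-Forwarded-For": "127.0.0.1"})
    return throttled, spoofed


if __name__ == "__main__":
    print("naive   :", simulate(naive_client_ip))     # (429, 200): bypassed
    print("hardened:", simulate(hardened_client_ip))  # (429, 429): still throttled
```

The same check also keeps legitimate proxied traffic working: when the peer is inside the trusted range, the hardened lookup still uses the address the proxy appended.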
I have attached two screenshots demonstrating the proof of concept.
Proof (screenshots):
Throttled:
Bypassed:
Thank you!