429 Bypasser

This extension is designed to help penetration testers and security professionals bypass HTTP 429 (Too Many Requests) rate-limiting mechanisms. The extension employs various techniques to circumvent rate-limiting and provides a flexible interface for customizing bypass strategies.

Features

• Add Custom Headers
• Change User Agent
• Use Capital Letters
• Use Random Parameters
• Server-side HTTP Parameter Pollution
• Change HTTP Method
• Route Alteration
• Encoding
• Add Null Bytes, spaces and etc

For encoding, null bytes, and parameter pollution, users can specify which parameter(s) to target. If no parameter is specified, the extension applies changes to all parameters by default.

Usage

1. Right-click on the desired request and choose "Extensions -> 429 Bypasser -> Send To 429 Bypasser tab".
2. Select the methods you want to use for bypassing 429 responses.
3. Specify parameters for encoding, null byte insertion, or parameter pollution if needed.
4. Click the OK button.

By default, the extension applies changes to all parameters one by one if none are specified.

Viewing results

In the 429 Bypasser tab added at the top of Burp Suite, you can view the requests sent by the extension.
You can sort these requests by the Status Code column to help identify which requests successfully bypassed the rate limit.