This is a lab, written in Python, for practicing rate-limit bypass techniques.⏳
This is a Flask-based web application that implements a two-factor authentication step using one-time passwords (OTP), with rate limiting to slow down brute-force attacks. A user enters a phone number to receive an OTP for verification. The application counts failed OTP attempts per phone number and imposes a 10-minute lockout after three unsuccessful tries; this lockout is the rate limit the lab is built to bypass. A successful verification leads to a simple dashboard.
pip install Flask
pip install flask-session
python app.py
(Replace app.py with the actual name of your Python file.)
After following these steps, the application is running and accessible at http://127.0.0.1:5000 in your web browser.
After starting the application, enter your phone number to reach the OTP page. Then submit an incorrect OTP three times to trigger the lockout on that number.
Once the number is locked out, capture the OTP verification request with Burp Suite, send it to Repeater, and modify it as follows:
Finally, click Send to reach the dashboard.
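The following is an added example, not the lab's own app.py, modelling the lockout described above (three failures per phone number, then a 10-minute lockout, all held in memory) and the attack sequence just walked through: burn the three attempts, then resend the request with a modified phone field. The weakness it demonstrates, a lockout keyed on the raw phone string exactly as the client sent it, is an assumption chosen for illustration; the page does not say which field the lab's bypass modifies. The country code, clock value and OTP are constructed for the demo.

```python
"""Toy model of an OTP guard with a 3-strike, 10-minute lockout keyed on the
phone number taken from the request.

Added example, not the lab's app.py. Keying the lockout on the raw phone
string is an assumed weakness used for illustration; the page does not say
which request field the lab's bypass modifies.
"""
import hmac
import re
import time

MAX_ATTEMPTS = 3            # failures before lockout, per the lab description
LOCKOUT_SECONDS = 600       # 10-minute lockout, per the lab description
DEFAULT_COUNTRY_CODE = "98" # assumption for the demo: bare "0..." numbers belong to this region


def raw_key(phone: str) -> str:
    """Naive key: whatever string the client sent, so cosmetic variants get separate counters."""
    return phone


def canonical_phone(phone: str) -> str:
    """Hardened key: one canonical digit string, so every spelling of a number shares a counter.
    A real deployment would use a full E.164 parser; this covers the common variants."""
    digits = re.sub(r"\D", "", phone)
    if digits.startswith("00"):
        digits = digits[2:]                         # 0098912... -> 98912...
    elif digits.startswith("0"):
        digits = DEFAULT_COUNTRY_CODE + digits[1:]  # 0912...    -> 98912...
    return digits


class OtpGuard:
    """In-memory failure counter and lockout table, like the lab's database-free design."""

    def __init__(self, key_func, now=time.time):
        self._key = key_func
        self._now = now            # injectable clock so lockout expiry can be tested
        self._failures = {}        # key -> consecutive failed attempts
        self._locked_until = {}    # key -> unix time at which the lockout ends

    def is_locked(self, phone: str) -> bool:
        return self._locked_until.get(self._key(phone), 0) > self._now()

    def verify(self, phone: str, submitted: str, expected: str) -> str:
        """Return "ok", "wrong" or "locked". The lockout check runs before the
        comparison, so a locked number cannot even test a guess."""
        key = self._key(phone)
        if self.is_locked(phone):
            return "locked"
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._failures.pop(key, None)      # success resets the strike count
            self._locked_until.pop(key, None)
            return "ok"
        strikes = self._failures.get(key, 0) + 1
        if strikes >= MAX_ATTEMPTS:
            self._failures.pop(key, None)
            self._locked_until[key] = self._now() + LOCKOUT_SECONDS
            return "locked"
        self._failures[key] = strikes
        return "wrong"


def run_attack(key_func):
    """Burn the three allowed attempts on one spelling of the number, then resend the
    request (as one would from Burp Repeater) with cosmetic variants of the same number.
    Returns the guard's answer per variant; "wrong" means the variant got a fresh counter."""
    clock = [1_700_000_000.0]                   # constructed fixed clock for the demo
    guard = OtpGuard(key_func, now=lambda: clock[0])
    real_otp = "482913"                         # constructed sample OTP
    for _ in range(MAX_ATTEMPTS):
        guard.verify("09123456789", "000000", real_otp)
    variants = ["0912 345 6789", "0912-345-6789", "+98 912 345 6789"]
    return [guard.verify(v, "000000", real_otp) for v in variants]


if __name__ == "__main__":
    print("raw key:      ", run_attack(raw_key))          # ['wrong', 'wrong', 'wrong']
    print("canonical key:", run_attack(canonical_phone))  # ['locked', 'locked', 'locked']
```

With the raw key, every respelling of the number starts a fresh three-attempt budget, which is exactly what resending a modified request from Repeater exploits; with the canonical key the variants all hit the existing lockout. The same design rule applies to any other identifier a limiter is keyed on: normalise it server-side before it is used as a counter key.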
This lab was developed for educational purposes. Accordingly, it does not connect to a database and is designed solely to teach rate-limit bypass techniques. A Persian-language tutorial video has been published on the Telegram channel @rmsup.