Evaluates API endpoint resilience by testing for rate-limiting vulnerabilities using advanced bypass techniques like IP spoofing and header manipulation.
The API Rate Limit Bypass Tester is a specialized cybersecurity skill designed to audit the effectiveness of request throttling and resource consumption controls. It automates the discovery of rate-limit thresholds and systematically attempts to circumvent them using techniques such as IP spoofing through specialized headers (X-Forwarded-For, etc.), URL path variations, HTTP method switching, and identifier rotation. By mapping these tests to the OWASP API4:2023 Unrestricted Resource Consumption standard, the skill helps developers and security researchers identify critical weaknesses that could be exploited for credential stuffing, brute-force attacks, or denial-of-service attempts.
Key features
- Account-level and identifier rotation scripts to test for per-user rate limit flaws.
- Automated probing to identify rate-limit headers and baseline enforcement thresholds.
- URL path and API version variation logic to find unprotected endpoint aliases.
- Comprehensive IP spoofing suite testing 15+ different proxy and CDN headers.
- HTTP method and Content-Type switching to bypass signature-based filters.
Use cases
- Testing authentication endpoints for vulnerability to high-speed brute-force attacks.
- Validating that WAF and API Gateway throttling policies are correctly configured.
- Conducting security audits for compliance with OWASP API security standards.