Bypassing the rate limit to enumerate users through Google Drive

[Screenshots: the feature that lets you share files; the request, with the e-mail address I sent at the bottom; personal information about the owner of that e-mail address; the security team's comment; the folder name in the response]

Now that we have everything done, let’s start the attack.

  • First, we create 1000 folders by sending the create-folder request to Intruder.
[Screenshot: the create-folder request]
  • Then we set the payload to the numbers 2–1000.
[Screenshot: payload settings]
  • Now we have to capture the folder names from the responses, so we go to the Options tab - Grep Extract - Add and choose the value of id to capture the folder names from all the requests we will send.
[Screenshot: Grep Extract settings]
  • After running Intruder, we will have 1000 folder names, which we put into a txt file. Now we have to repeat each name 500 times, so I looked for a way to repeat each line in a text file a certain number of times, and I found this simple command line..
[Screenshot: the id column contains the names of the folders; click anywhere in the white space next to the column, press Ctrl + A to select them all, then press Ctrl + C to copy them]
  • Now we go back to Burp and send the invite-via-e-mail request to Intruder. We choose the folder name as payload number one and the username as payload number two.
[Screenshot: the invite-person-via-e-mail request]
[Screenshot: the attack running]
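The steps above work because the invite limit is spent per folder, so every new folder brings a fresh budget. As an added example that is not from the original post and not Google's code, here is a sliding-window limiter in which the budget is keyed on the inviting account instead, so spreading invites across many folders no longer multiplies it; the class names, limit and window are illustrative assumptions.

```python
from collections import defaultdict, deque


class InviteRateLimiter:
    """Sliding-window limiter for share invitations (illustrative, not Google's).

    per_folder=True reproduces the bypassable scoping: each (account, folder)
    pair gets its own budget. per_folder=False keys the window on the account
    alone, so creating more folders does not create more budget.
    """

    def __init__(self, max_invites: int, window_s: float, per_folder: bool = False):
        self.max_invites = max_invites
        self.window_s = window_s
        self.per_folder = per_folder
        self._events = defaultdict(deque)  # key -> timestamps of recent invites

    def _key(self, account: str, folder_id: str):
        return (account, folder_id) if self.per_folder else (account,)

    def allow(self, account: str, folder_id: str, now: float) -> bool:
        """Return True and record the invite if the window still has room."""
        q = self._events[self._key(account, folder_id)]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_invites:
            return False
        q.append(now)
        return True


def attempts_allowed(limiter, account, n_folders, per_folder_attempts, now=0.0):
    """Count how many invites get through when one account spreads
    per_folder_attempts invites over each of n_folders folders in one window."""
    allowed = 0
    for f in range(n_folders):
        for _ in range(per_folder_attempts):
            if limiter.allow(account, f"folder-{f}", now):
                allowed += 1
    return allowed
```

With per-folder scoping, 10 folders at 20 attempts each all succeed (200 invites); with account scoping only the first 20 do.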

Thanks for reading, I hope my story was useful.
