OpenBullet detects "hits" by analyzing differences in server responses. Mitigation:

In the landscape of web security, the line between legitimate automation tools and attack frameworks is often blurred. OpenBullet, first released on GitHub in 2018, was intended to help developers test their login systems, form validations, and API endpoints for robustness. Yet, its powerful "config" system and support for massive parallelism have turned it into a primary engine for and card cracking attacks.

Defending against OpenBullet requires a layered approach, as the tool can easily adapt to simple protections.

While developed for ethical web testing, OpenBullet is a primary tool for attacks. How Cybercriminals Abuse OpenBullet for Credential Stuffing