ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Last update: Aug 04, 2022

Related tags

Overview

ChronoRace

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic. I've found in my research that well timed race conditions can allow for uncovering all kinds of interesting edge cases. An example use case is seen here, where I was able to get arbitrary email confirmation by hitting both the confirmation and email change endpoints a couple hundred milliseconds apart.

Usage

ChronoRace takes in raw requests and repeats them with a specified time delay. Create files with the raw requests you want to run as done in the http_requests/example/ folder. Then create a configuration which references the requests.

Sample configuration

{
  "proxy": "http://127.0.0.1:8080",
  "verify_ssl": false,
  "requests": [
    {
      "file": "http_requests/example/get.txt",
      "delay": 0,
      "replacements": []
    },
    {
      "file": "http_requests/example/post.txt",
      "delay": 500,
      "replacements": [
        ["[REPLACE]", "bar"]
      ]
    }
  ]
}

Config Parameter	Type	Description	Required	Default
requests	array	Array of requests to make.	Yes
requests[x].file	string	Path to file containing the raw http request.	Yes
requests[x].delay	integer	Delay in milliseconds since start.	No	`0`
requests[x].replacements	array	Replacements to perform in the request. `[["replace1", "with1"], ["replace2", "with2"]]`.	No	`[]`
requests[x].secure	boolean	Make request using the `https` protocol.	No	`true`
proxy	string	Proxy URL. It's recommended to send through Burp to track the requests.	No	`null`
verify_ssl	boolean	Skip certificate validation.	No	`true`
threads	integer	Maximum number of simultaneous requests. Less threads than requests will delay them.	No	`100`
print_response	boolean	Print the entire response in the console.	No	`false`

Running

pip install -r requirements.txt
python chronorace.py race -c config.json

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Related tags

Overview

ChronoRace

Usage

Owner

Tanner

sumCulator Это калькулятор, который умеет складывать 2 числа.

A Red Team tool for exfiltrating sensitive data from Jira tickets.

Lock a program and kills it indefinitely if it is started.

A python script developed to process Windows memory images based on triage type.

Python Freecell Solver

Python pyside2 kütüphanesi ile oluşturduğum drone için yer kontrol istasyonu yazılımı.

A software dedicated to automaticaly select the agent of your desire in Valorant

This is a Docker-based pipeline for preparing sextractor-ready multiwavelength images

Calc.py - A powerful Python REPL calculator

A New, Interactive Approach to Learning Python

It's a repo for Cramer's rule, which is some math crap or something idk

A simple python script where the user inputs the current ingredients they have in their kitchen into ingredients.txt

A python script that automatically joins a zoom meeting based on your timetable.

A free and powerful system for awareness and research of the American judicial system.

An easy python calculator for those who want's to know how if statements, loops, and imports works give it a try!

This repo houses the qhub frontend moving forward.

A Kodi add-on for watching content hosted on PeerTube.

Collapse a set of redundant kmers to use IUPAC degenerate bases

一个Graia-Saya的插件仓库

Woltcheck - Python script to check if a wolt restaurant is ready to deliver to your location