ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Last update: Aug 04, 2022

Related tags

Overview

ChronoRace

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic. I've found in my research that well timed race conditions can allow for uncovering all kinds of interesting edge cases. An example use case is seen here, where I was able to get arbitrary email confirmation by hitting both the confirmation and email change endpoints a couple hundred milliseconds apart.

Usage

ChronoRace takes in raw requests and repeats them with a specified time delay. Create files with the raw requests you want to run as done in the http_requests/example/ folder. Then create a configuration which references the requests.

Sample configuration

{
  "proxy": "http://127.0.0.1:8080",
  "verify_ssl": false,
  "requests": [
    {
      "file": "http_requests/example/get.txt",
      "delay": 0,
      "replacements": []
    },
    {
      "file": "http_requests/example/post.txt",
      "delay": 500,
      "replacements": [
        ["[REPLACE]", "bar"]
      ]
    }
  ]
}

Config Parameter	Type	Description	Required	Default
requests	array	Array of requests to make.	Yes
requests[x].file	string	Path to file containing the raw http request.	Yes
requests[x].delay	integer	Delay in milliseconds since start.	No	`0`
requests[x].replacements	array	Replacements to perform in the request. `[["replace1", "with1"], ["replace2", "with2"]]`.	No	`[]`
requests[x].secure	boolean	Make request using the `https` protocol.	No	`true`
proxy	string	Proxy URL. It's recommended to send through Burp to track the requests.	No	`null`
verify_ssl	boolean	Skip certificate validation.	No	`true`
threads	integer	Maximum number of simultaneous requests. Less threads than requests will delay them.	No	`100`
print_response	boolean	Print the entire response in the console.	No	`false`

Running

pip install -r requirements.txt
python chronorace.py race -c config.json

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Related tags

Overview

ChronoRace

Usage

Owner

Tanner

Blender addon - Breakdown in object mode

Tindicators is a Python library to calculate the values of various technical indicators

qecsim is a Python 3 package for simulating quantum error correction using stabilizer codes.

Allow you to create you own custom decentralize job management system.

⚡KiCad library containing footprints and symbols for inductive analog keyboard switches

Shopify Backend Developer Intern Challenge - Summer 2022

Security-related flags and options for C compilers

通过简单的卷积神经网络直接预测出验证码图片中滑块的位置

Vita Specific Patches and Application for Doki Doki Literature Club (Steam Version) using Ren'Py PSVita

Provide error messages for Python exceptions, even if the original message is empty

A collection of some leetcode challenges in python and JavaScript

Very simple encoding scheme that will encode data as a series of OwOs or UwUs.

It's just a simple script to add all contest from site to your Google Calendar and make two reminder for them one before the contest one day, and another before half an hour, the event on Google Calendar have the registration link of the contest.

Web interface for browsing, search and filtering recent arxiv submissions

A general illumination correction method for optical microscopy.

Open slidebook .sldy files in Python

Backend/API for the Mumble.dev, an open source social media application.

Identifies the faulty wafer before it can be used for the fabrication of integrated circuits and, in photovoltaics, to manufacture solar cells.

WorldsCollide - Final Fantasy VI Randomizer

Zeus is an open source flight intellingence tool which supports more than 13,000+ airlines and 250+ countries.