ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Last update: Aug 04, 2022

Related tags

Overview

ChronoRace

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic. I've found in my research that well timed race conditions can allow for uncovering all kinds of interesting edge cases. An example use case is seen here, where I was able to get arbitrary email confirmation by hitting both the confirmation and email change endpoints a couple hundred milliseconds apart.

Usage

ChronoRace takes in raw requests and repeats them with a specified time delay. Create files with the raw requests you want to run as done in the http_requests/example/ folder. Then create a configuration which references the requests.

Sample configuration

{
  "proxy": "http://127.0.0.1:8080",
  "verify_ssl": false,
  "requests": [
    {
      "file": "http_requests/example/get.txt",
      "delay": 0,
      "replacements": []
    },
    {
      "file": "http_requests/example/post.txt",
      "delay": 500,
      "replacements": [
        ["[REPLACE]", "bar"]
      ]
    }
  ]
}

Config Parameter	Type	Description	Required	Default
requests	array	Array of requests to make.	Yes
requests[x].file	string	Path to file containing the raw http request.	Yes
requests[x].delay	integer	Delay in milliseconds since start.	No	`0`
requests[x].replacements	array	Replacements to perform in the request. `[["replace1", "with1"], ["replace2", "with2"]]`.	No	`[]`
requests[x].secure	boolean	Make request using the `https` protocol.	No	`true`
proxy	string	Proxy URL. It's recommended to send through Burp to track the requests.	No	`null`
verify_ssl	boolean	Skip certificate validation.	No	`true`
threads	integer	Maximum number of simultaneous requests. Less threads than requests will delay them.	No	`100`
print_response	boolean	Print the entire response in the console.	No	`false`

Running

pip install -r requirements.txt
python chronorace.py race -c config.json

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Related tags

Overview

ChronoRace

Usage

Owner

Tanner

Diff Match Patch is a high-performance library in multiple languages that manipulates plain text.

Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Arabic to Roman Converter in Python

A comprensive software collection for nmea manipulation

Collection of Beginner to Intermediate level Python scripts contributed by members and participants.

Implemented Exploratory Data Analysis (EDA) using Python.Built a dashboard in Tableau and found that 45.87% of People suffer from heart disease.

Collie is for uncovering RDMA NIC performance anomalies

Edorado93 - Unraveling a Rockstar! -- Too much? Fine, Unraveling a humble programmer then?

python scripts to perform coin die clustering (performed on Riedones3D).

Python script which synchronizes the replica-directoty with the original-one.

Run CodeServer on Google Colab using Inlets in less than 60 secs using your own domain.

Gives you more advanced math in python.

The blancmange curve can be visually built up out of triangle wave functions if the infinite sum is approximated by finite sums of the first few terms.

Student Enrollment Analysis System

A simplified python interface to COPASI.

JD-backup is an advanced Python script, that will extract all links from a jDownloader 2 file list and export them to a text file.

Curso de Python 3 do Básico ao Avançado

A module to develop and apply old-style links

Package pyVHR is a comprehensive framework for studying methods of pulse rate estimation relying on remote photoplethysmography (rPPG)

An audnexus client, providing rich author and audiobook data to Plex via it's legacy plugin agent system.