ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Last update: Aug 04, 2022

Related tags

Overview

ChronoRace

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic. I've found in my research that well timed race conditions can allow for uncovering all kinds of interesting edge cases. An example use case is seen here, where I was able to get arbitrary email confirmation by hitting both the confirmation and email change endpoints a couple hundred milliseconds apart.

Usage

ChronoRace takes in raw requests and repeats them with a specified time delay. Create files with the raw requests you want to run as done in the http_requests/example/ folder. Then create a configuration which references the requests.

Sample configuration

{
  "proxy": "http://127.0.0.1:8080",
  "verify_ssl": false,
  "requests": [
    {
      "file": "http_requests/example/get.txt",
      "delay": 0,
      "replacements": []
    },
    {
      "file": "http_requests/example/post.txt",
      "delay": 500,
      "replacements": [
        ["[REPLACE]", "bar"]
      ]
    }
  ]
}

Config Parameter	Type	Description	Required	Default
requests	array	Array of requests to make.	Yes
requests[x].file	string	Path to file containing the raw http request.	Yes
requests[x].delay	integer	Delay in milliseconds since start.	No	`0`
requests[x].replacements	array	Replacements to perform in the request. `[["replace1", "with1"], ["replace2", "with2"]]`.	No	`[]`
requests[x].secure	boolean	Make request using the `https` protocol.	No	`true`
proxy	string	Proxy URL. It's recommended to send through Burp to track the requests.	No	`null`
verify_ssl	boolean	Skip certificate validation.	No	`true`
threads	integer	Maximum number of simultaneous requests. Less threads than requests will delay them.	No	`100`
print_response	boolean	Print the entire response in the console.	No	`false`

Running

pip install -r requirements.txt
python chronorace.py race -c config.json

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

Related tags

Overview

ChronoRace

Usage

Owner

Tanner

Turn your IPad into a Screen-Slaver with 1 simple Pythonista script

The repository is about 100+ python programming exercise problem discussed, explained, and solved in different ways

Python implementation for Active Directory certificate abuse

App and Python library for parsing, writing, and validation of the STAND013 file format.

Little tool in python to watch anime from the terminal (the better way to watch anime)

A powerful and user-friendly binary analysis platform!

Sample microservices application demo

Tomador de ramos UC automatico para Windows, Linux y macOS

Spooky Castle Project

Easy installer for running Amazon AVS Device SDK on Raspberry Pi

A check numbers python module

Fofa asset consolidation script

System Design Assignments as part of Arpit's System Design Masterclass

NeurIPS'19: Meta-Weight-Net: Learning an Explicit Mapping For Sample Weighting (Pytorch implementation for noisy labels).

Auto Join Zoom Meeting

MDAnalysis tool to calculate membrane curvature.

Lock a program and kills it indefinitely if it is started.

LAPS module for CrackMapExec

This application demonstrates IoTVAS device discovery and security assessment API integration with the Rapid7 InsightVM.

UdemyPy is a bot that hourly looks for Udemy free courses and post them in my Telegram Channel: Free Courses.