## Race condition exploit
A tool that sends multiple requests to a web application concurrently and saves the results to a file. The output is then parsed, and the requests are saved in two files: desirable output and undesired output. Check whether the desired status code is returned for several requests to see if the race exploit was successful.
Build by using `go build` and then run the binary with the following arguments:

- `-url` - URL to exploit
- `-payload` - Payload to use
- `-headers` - Headers to use; delimited by comma
- `-method` - Method to use | POST, PUT, DELETE
- `-status` - Desired status code
- `-requestno` - Number of requests to send
- `-console` - Print to console (default false)

Cross compile by using the Makefile by running `make build`. This will create a binary for Linux, Windows and MacOS.

Use `make clean` to remove the binaries.

Build your own docker image by using `docker build -t raceexploit .` and then run the docker image with the CLI arguments.

Or you can also use `docker pull radurobot/race-condition-explot:latest` to pull the latest image.
```bash
./racecondition -url http://localhost:8080 -payload '{"name":"test"}' -headers "Content-Type:application/json" -method POST -status 201 -requestno 20 -console
```

```json
{
  "0": {
    "Url": "https://localhost:8080",
    "Payload": "",
    "Method": "POST",
    "Headers": {
      "Header1": [
        "headerInput"
      ],
      "Header2": [
        "headerInput"
      ]
    },
    "ResponseBody": "example",
    "ResponseStatus": 201,
    "ResponseTime": "127.588584ms"
  },
  "1": {
    "Url": "https://localhost:8080",
    "Payload": "",
    "Method": "POST",
    "Headers": {
      "Header1": [
        "headerInput"
      ],
      "Header2": [
        "headerInput"
      ]
    },
    "ResponseBody": "example",
    "ResponseStatus": 201,
    "ResponseTime": "127.8995ms"
  }
}
```
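
The check described at the top (the desired status code returned for several requests) can be run over output in the JSON format shown above. The following is an added example, not part of this tool's code: the names `Summary`, `Summarize` and `sample` are hypothetical, and the sample data is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"time"
)

// Summary groups request indices by whether they returned the desired status.
// More than one entry in Desired is the success signal the README describes.
type Summary struct {
	Desired, Undesired []string
	Spread             time.Duration // slowest minus fastest response time
}

// Summarize parses output in the README's JSON format (request index -> result).
func Summarize(raw []byte, want int) (s Summary, err error) {
	var results map[string]struct{ ResponseStatus int; ResponseTime string }
	if err = json.Unmarshal(raw, &results); err != nil {
		return s, err
	}
	var times []time.Duration
	for id, r := range results {
		d, perr := time.ParseDuration(r.ResponseTime)
		if perr != nil {
			return s, fmt.Errorf("request %s: %w", id, perr)
		}
		times = append(times, d)
		if r.ResponseStatus == want {
			s.Desired = append(s.Desired, id)
		} else {
			s.Undesired = append(s.Undesired, id)
		}
	}
	sort.Strings(s.Desired) // map iteration order is random; sort for stable output
	sort.Strings(s.Undesired)
	sort.Slice(times, func(i, j int) bool { return times[i] < times[j] })
	if len(times) > 0 {
		s.Spread = times[len(times)-1] - times[0]
	}
	return s, nil
}

// Constructed sample, trimmed to the two fields used (not real tool output).
const sample = `{"0":{"ResponseStatus":201,"ResponseTime":"127.588584ms"},
"1":{"ResponseStatus":201,"ResponseTime":"127.8995ms"},
"2":{"ResponseStatus":409,"ResponseTime":"130ms"}}`

func main() { fmt.Println(Summarize([]byte(sample), 201)) }
```

A small `Spread` indicates the requests reached the server close together, which makes the status-code split a more meaningful test of the endpoint's concurrency handling.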