race-condition-exploit: exploitation of web application race conditions

Race Conditions occur when a piece of code does not work as it is supposed to (like many security issues). They are the result of an unexpected ordering of events, which can result in the finite state machine of the code to transition to a undefined state, and also give rise to contention of more than one thread of execution over the same resource. Multiple threads of execution acting or manipulating the same area in memory or persisted data which gives rise to integrity issues. _owasp

Race condition exploit

Tool to help with the exploitation of web application race conditions

Installation

git clone https://github.com/andresriancho/race-condition-exploit.git

cd race-condition-exploit

pip install -r requirements.txt

Usage

$ python rc-exploit --help

usage: rc-exploit [-h] [--threads THREADS] plugin ...



Race condition exploiter



positional arguments:

  plugin             Python module to load requests from (ie. paypal.hack will

                     load python module from paypal/hack.py)

  remainder



optional arguments:

  -h, --help         show this help message and exit

  --threads THREADS  Number of threads/connections to use

$

Example plugin run

There is an example plugin you should use to write yours at plugins/example.py, once you’ve finished that step run:

$ python rc-exploit --threads 10 plugins.your_race_condition_hack

Source: https://github.com/andresriancho/race-condition-exploit