race-condition
Official
Exploit web app race conditions.
Software Engineering #penetration testing #race condition #web security #TOCTOU #vulnerability exploitation #burpsuite
Author: blacklanternsecurity
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit race conditions and Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities in web applications, which can lead to unauthorized actions like duplicate coupon redemption or balance overspending.
Core Features & Use Cases
- Endpoint Identification: Detects endpoints susceptible to race conditions by analyzing their constraint-checking and action-execution patterns.
- Exploitation Techniques: Implements various synchronization methods, including HTTP/2 single-packet attacks and HTTP/1.1 last-byte synchronization, using tools like Burp Suite's Turbo Intruder and Python.
- Use Case: A penetration tester suspects a web application's coupon redemption endpoint is vulnerable. They use this Skill to send hundreds of redemption requests simultaneously, successfully applying the same coupon multiple times and confirming the vulnerability.
Quick Start
Use the race-condition skill to test the endpoint 'https://example.com/api/redeem' for coupon reuse vulnerabilities.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: race-condition
Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#race-condition
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.