Race Conditions
Learn about using race conditions with Nuclei
Race Conditions are another class of bugs not easily automated via traditional tooling. Burp Suite introduced a Gate mechanism to Turbo Intruder where all the bytes for all the requests are sent expect the last one at once which is only sent together for all requests synchronizing the send event.
We have implemented Gate mechanism in nuclei engine and allow them run via templates which makes the testing for this specific bug class simple and portable.
To enable race condition check within template, race
attribute can be set to true
and race_count
defines the number of simultaneous request you want to initiate.
Below is an example template where the same request is repeated for 10 times using the gate logic.
You can simply replace the POST
request with any suspected vulnerable request and change the race_count
as per your need, and it’s ready to run.
Multi request race condition testing
For the scenario when multiple requests needs to be sent in order to exploit the race condition, we can make use of threads.
threads
is a total number of request you wanted make with the template to perform race condition testing.
Below is an example template where multiple (5) unique request will be sent at the same time using the gate logic.
More complete examples are provided here
Was this page helpful?