{"id":19371338,"url":"https://github.com/javanxd/raceocat","last_synced_at":"2025-04-23T16:30:57.863Z","repository":{"id":123440379,"uuid":"320932683","full_name":"JavanXD/Raceocat","owner":"JavanXD","description":"Make exploiting race conditions in web applications highly efficient and ease-of-use.","archived":false,"fork":false,"pushed_at":"2024-05-10T17:58:44.000Z","size":5904,"stargazers_count":23,"open_issues_count":0,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-02T17:11:22.296Z","etag":null,"topics":["bugbounty","race-conditions","race-detection","racer","research-and-development"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JavanXD.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-12T22:00:31.000Z","updated_at":"2024-11-13T16:54:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"6ff2a50d-45d2-434b-a91e-f922e5fe5d3a","html_url":"https://github.com/JavanXD/Raceocat","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JavanXD%2FRaceocat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JavanXD%2FRaceocat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JavanXD%2FRaceocat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JavanXD%2FRaceocat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JavanXD","download_url":"https://codeload.github.com/JavanXD/Raceocat/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250470880,"owners_count":21435855,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","race-conditions","race-detection","racer","research-and-development"],"created_at":"2024-11-10T08:18:08.195Z","updated_at":"2025-04-23T16:30:57.293Z","avatar_url":"https://github.com/JavanXD.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Race-o-cat \u003cimg src=\"docs/logo/logo-tamper.png\" width=\"25\" height=\"25\"\u003e\n\u003e Make exploiting race conditions in web applications highly efficient and ease-of-use.\n\n## Overview\n\n- [Architecture Overview](#architecture-overview)\n- [List of Projects](#list-of-projects)\n- [Demo](#demo)\n- [To-Dos](#to-dos)\n- [License](#license)\n- [Contributing](#contributing)\n- [Author Information](#author-information)\n\n## Architecture Overview\n\n![Race Conditions](./docs/architecture/Race-Architecture.png)\n\n## List of Projects  \n\n### - [Browser Extension for Firefox](./browser-extension/#readme)\nFirefox browser extension for live request monitoring and intercepting the desired request which will be forwarded to the Race Dispatcher.\n\n### - [Race Routine Infrastructure](./race-routine-infrastructure/#readme)\nRace Dispatcher and Race Script to execute parallel requests against any given endpoint.\n\n### - [OWASP Zed Attack Proxy (ZAP) Extender](./zap-extender/#readme)\nZAP Extensions to test for Race Conditions.\n\n### - [Vulnerable web application](./vuln-webapp/#readme)\nA web application with typical vulnerable use cases such as withdrawing money or excessive poll votes.\n\n## Demo\n\nA demo of the tool and a introduction to race condition vulnerabililties can be watched in this video, which got recorded at Hack in the Box Conference (HITBSecConf) 2022 Singapore:\n\n[![Exploiting Race Condition Vulnerabilities In Web Applications – Javan Rasokat](http://img.youtube.com/vi/rSizIebpBo8/0.jpg)](https://www.youtube.com/watch?v=rSizIebpBo8\u0026list=PLmv8T5-GONwRu8F1SgdBjP6XydFJipKoa)\n\nIn addition a PDF of the research can be found [here](https://opus-htw-aalen.bsz-bw.de/frontdoor/index/index/docId/1327) (in German). \n\n## To Dos\n\nThe following action items are considered to be implemented in a future version (happy for any contributions!):\n* Improve timing (by using ntp, a websocket push, or anything else) of the race server to decrease the time gap between dispatching to multiple race servers OR allow a scheduled timing option\n* Allow downloading of the HTTP-Responses to analyse the success of the attack\n* Allow multiple, different parameters/content of the HTTP-Request to allow improved exploitation of load balancers with sticky sessions and other attack scenarios that require custom parameters\n\n## License\nCode of Raceocat is licensed under the Apache License 2.0.\n\n## Contributing\n\nFeel free to open issues / pull requests if you want to contribute to this project.\n\n## Author Information\n\nYou can reach me on Twitter [@javanrasokat](https://twitter.com/javanrasokat).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjavanxd%2Fraceocat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjavanxd%2Fraceocat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjavanxd%2Fraceocat/lists"}