More Tools
Start with whatever tools you may have.Better tools will be found as you go.
Using a tool can help you find and exploit TOCTOU issues. There are a couple of such tools available in the open-source world:
Name | Notes |
Browser Dev Tools |
|
cURL |
|
We will solve the last challenge using RaceTheWeb. The executable files for RaceTheWeb can be obtained from https://github.com/aaronhnatiw/race-the-web/releases
Which version to download? It depends on the operating-system you are running
Operating System | FIle to be downloaded |
Linux 32-bit | race-the-web_2.0.1_lin32.bin |
Linux 64-bit | race-the-web_2.0.1_lin64.bin |
macOS 32-bit | race-the-web_2.0.1_osx32.app.zip |
macOS 64-bit | race-the-web_2.0.1_osx64.app.zip |
Windows 32-bit | race-the-web_2.0.1_win32.exe |
Windows 64-bit | race-the-web_2.0.1_win64.exe |
On Linux and macOS machines, you need to make the file executable.
Operating System | Command to run on Terminal |
race-the-web_2.0.1_lin32.bin | chmod +x race-the-web_2.0.1_lin32.bin |
race-the-web_2.0.1_lin64.bin | chmod +x race-the-web_2.0.1_lin64.bin |
race-the-web_2.0.1_osx32.app.zip | Extract the zip file chmod +x race-the-web_2.0.1_osx32.app |
race-the-web_2.0.1_osx64.app.zip | Extract the zip file chmod +x race-the-web_2.0.1_osx64.app |
Running RacetheWeb is easy:
Open command prompt/Terminal
Navigate to the directory where you have extracted/downloaded the executable binary file
Run the following command:
race-the-web portion:
Depending on the operating-system you are using, the race-the-web portion needs to be changed.
Operating System | race-the-web portion |
Linux 32-bit | ./race-the-web_2.0.1_lin32.bin |
Linux 64-bit | ./race-the-web_2.0.1_lin64.bin |
macOS 32-bit | ./race-the-web_2.0.1_osx32.app |
macOS 64-bit | ./race-the-web_2.0.1_osx64.app |
Windows 32-bit | race-the-web_2.0.1_win32.exe |
Windows 64-bit | race-the-web_2.0.1_win64.exe |
<toml-file> portion:
TOML stands for Tom’s Obvious Minimal Language. The TOML file supplied should be having the request details so that race-the-web can run them.
Find TOML file for some of the TimeGap Theory challenges below:
Sign Up page
In the above TOML file:
Count defines how many requests RaceTheWeb tools would be sending in parallel
Verbose defines the verbosity level of output that is displayed on the screen. The value of this can either be true or false
Method defines the type of the request. This can be GET, POST, PUT, DELETE etc.
URL is, well, the url at which request needs to be sent
Body of the request. You can skip this part if there is no body that needs to be submitted
Sign In page
In the above TOML file:
Count is 1. However, there are three requests in the file. As such, RaceTheWeb tool will send three parallel requests
First two requests have wrong password in the request body
Transfer rewards page
Ratings page
In the above TOML file, we are sending a cookie as well.
Now you know:
Various open-source tools and techniques for finding and exploiting TOCTOU security issues
How to use RaceTheWeb tool for exploiting TOCTOU security issues
Writing TOML files for RaceTheWeb tool
Last updated