Burp-Racepwn is a Burp Suite extension that integrates the RacePWN framework to provide quick access to advanced race condition exploitation techniques.
The extension is in active development as a semester project, and work on making it available to users is still at a very early stage. As a result, the functionality described here can differ significantly from the actual state of the extension.
mvn package -f pom.xml
In Burp, go to Extender - Extensions, click the "Add" button, and choose the compiled JAR file.
Set the host, port, and protocol of the attack target. This is the server to which the RacePWN server will send all its requests.
You can use the default local RacePWN server, which is expected to be deployed on the same machine as Burp on port 3337. To use an external RacePWN server, add it in the Servers tab; it will then be used automatically for the following attacks.
- Specify the request body that will be sent in every request to the attack target.
- Select the appropriate attack mode (parallel - send all requests separately, pipeline - send all requests as one).
- Set the final number of requests to be sent.
- In parallel mode, set the delay between sending requests and the size of the last chunk.
- Click the send button and wait for the query result in the editor.