webracecondition


| Field | Value |
| --- | --- |
| Name | webracecondition |
| Version | 0.0.14 |
| Home page | https://github.com/hupe1980/webracecondition |
| Summary | Tiny package to test webraceconditions |
| Upload time | 2023-09-24 21:37:05 |
| Docs URL | None |
| Author | hupe1980 |
| Requires Python | >=3.11,<4.0 |
| License | MIT |
| Keywords | webracecondition, pentest, cybersecurity |
| Requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| Coveralls test coverage | No coveralls. |

# webracecondition
![Build Status](https://github.com/hupe1980/webracecondition/workflows/Build/badge.svg)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) 
> Tiny package to test webraceconditions

Web race conditions, also known as web application race conditions or simply race conditions, refer to a class of software vulnerabilities that can occur in web applications when multiple users or processes attempt to access and modify shared resources or data concurrently. These vulnerabilities arise due to the unpredictable interleaving of execution threads or processes, and they can lead to unintended and potentially harmful consequences.

In a web race condition scenario, two or more actions that depend on each other's state may interfere with each other when executed concurrently. This interference can result in unexpected behavior, data corruption, or security breaches. Common examples of web race conditions include issues related to session management, data updates, file access, and database transactions.

Developers need to be aware of the potential for race conditions in web applications and implement proper synchronization mechanisms, such as locks, semaphores, or transactions, to ensure safe and consistent access to shared resources. Failing to address race conditions can leave web applications vulnerable to data inconsistency, security vulnerabilities, and unreliable behavior. Therefore, thorough testing and code review are essential to identify and mitigate web race conditions in web applications to maintain their reliability and security.
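
An added example (not part of the webracecondition package or its README) of the synchronization point above: a check-then-act handler next to an atomic one, using only the standard library. The `coupons` table, the `SAVE10` code and all function names are assumptions made for the illustration; the barrier stands in for requests that arrive at the same instant.

```python
import os
import sqlite3
import tempfile
import threading

def make_db():
    """Create a throwaway database holding one unused single-use coupon."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, used INTEGER)")
    con.execute("INSERT INTO coupons VALUES ('SAVE10', 0)")
    con.commit()
    con.close()
    return path

def redeem_check_then_act(con, gate):
    """Vulnerable: the check and the update are two separate statements."""
    used = con.execute("SELECT used FROM coupons WHERE code='SAVE10'").fetchall()[0][0]
    gate.wait(timeout=10)  # models simultaneous arrival: every check runs before any update
    if used:
        return False
    con.execute("UPDATE coupons SET used=1 WHERE code='SAVE10'")
    return True

def redeem_atomic(con, gate):
    """Hardened: one conditional UPDATE; the database serializes the writers."""
    gate.wait(timeout=10)
    cur = con.execute("UPDATE coupons SET used=1 WHERE code='SAVE10' AND used=0")
    return cur.rowcount == 1  # only the request that flipped the flag wins

def race(handler, workers=20):
    """Run handler in `workers` concurrent threads; return how many redemptions succeeded."""
    path, gate, results = make_db(), threading.Barrier(workers), []

    def worker():
        con = sqlite3.connect(path, timeout=30, isolation_level=None)  # autocommit
        try:
            results.append(handler(con, gate))
        finally:
            con.close()

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    os.remove(path)
    return sum(results)
```

`race(redeem_check_then_act)` reports every request as a successful redemption of the single-use coupon, while `race(redeem_atomic)` reports exactly one.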

:warning: This is for educational purposes only. Do not try on live servers without permission!

## Install
```bash
pip install webracecondition
```

## Last-Frame-Sync Attack
The Last-Frame-Sync Attack leverages the capabilities of HTTP/2 to induce web race conditions by synchronizing the final frames of multiple requests within a single TCP packet. This technique enables the simultaneous arrival of approximately 20-30 requests at the server, with the exact number depending on the Maximum Segment Size (MSS), all while eliminating the impact of network jitter.
 
```python
from webracecondition import Engine, Request

engine = Engine("https://your-target.com")
for i in range(20):
    engine.add_request(Request("GET", "/race"))

for roundtrip in engine.last_frame_sync_attack():
    print(roundtrip)
```
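
From the defender's side, an added sketch (not part of the package) of a log heuristic for this pattern: many identical requests on one connection arriving within a couple of milliseconds. The log format, the thresholds and the sample lines are constructed assumptions, and the timestamps are assumed to record request arrival.

```python
from collections import defaultdict

# Constructed sample in a hypothetical format:
#   "<epoch_seconds.microseconds> <client> <connection_id> <method> <path>"
# 20 identical requests on one connection within 1 ms, plus ordinary traffic.
SAMPLE_LOG = [f"1695591425.{100000 + 40 * i:06d} 203.0.113.7 c41 POST /redeem"
              for i in range(20)]
SAMPLE_LOG += [
    "1695591424.250000 198.51.100.9 c17 GET /race",
    "1695591425.100500 198.51.100.9 c17 GET /race",
    "1695591426.900000 198.51.100.9 c17 GET /race",
    "1695591425.100300 203.0.113.7 c41 GET /static/app.js",
]

def find_sync_bursts(lines, window_us=2000, min_requests=10):
    """Return (client, connection, method, path, count) for each group of identical
    requests on one connection where >= min_requests arrive within window_us."""
    groups = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing on them
        ts, client, conn, method, path = parts
        secs, _, frac = ts.partition(".")
        try:
            # Integer microseconds avoid float rounding at this resolution.
            micros = int(secs) * 1_000_000 + int(frac.ljust(6, "0")[:6])
        except ValueError:
            continue
        groups[(client, conn, method, path)].append(micros)

    findings = []
    for key, stamps in groups.items():
        stamps.sort()
        best, start = 0, 0
        for end, t in enumerate(stamps):  # sliding window over sorted arrival times
            while t - stamps[start] > window_us:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_requests:
            findings.append((*key, best))
    return findings
```

A hit is a lead to review against the endpoint's business logic, not proof of abuse: legitimate HTTP/2 clients also multiplex requests, so tune `min_requests` per route.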

## Dependent-Streams Attack
The Dependent-Streams Attack leverages HTTP/2's dependent streams feature to induce web race conditions by coordinating the concurrent execution of scheduled requests. It entails dispatching an extensive chain of requests, followed by numerous requests that depend on the final request in the chain.

```python
from webracecondition import Engine, Request, LongRunningChain

engine = Engine("https://your-target.com")

for i in range(20):
    engine.add_request(Request("GET", "/race"))

chain = LongRunningChain(Request("GET", "/long"))
for i in range(10):
    chain.add_request(chain.root)

for roundtrip in engine.dependent_streams_attack(chain):
    print(roundtrip)
```

## License
[MIT](LICENSE)
            
