Hunt race conditions in web applications
hunt-race-condition · skill · setup L3 · ★1,791
elementalsouls/Claude-BugHunter
What it does
Identify time-of-check to time-of-use (TOCTOU) race conditions in critical flows.
Best for
Bypassing single-use limits (OTP, tokens) via parallel submission before invalidation.
Inputs
- Target endpoint
- Race payload
- Timing window
Outputs
- Race condition proof
- Exploitation payload
Requires
- ffuf
- Turbo Intruder
- async HTTP client
Preconditions
- Vulnerable state transition identified
- Timing window measured
Failure modes
- Request serialization on server
- Single-threaded request handler
Trust signals
- HTTP/2 stream parallelization
- Race confirmation >1 success