Simple limit overrun

Use case

Examples of potentially vulnerable functionality:

  • Redeeming a gift card multiple times

  • Rating a product multiple times

  • Withdrawing or transferring cash in excess of your account balance

  • Reusing a single CAPTCHA solution

  • Bypassing an anti-brute-force rate limit
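All of these share a check-then-act pattern: the limit is checked in one step and enforced in a later one. The following added example (not part of the original notes) shows gift card redemption in that vulnerable form next to a hardened form where the check is part of the UPDATE itself. The table layout, the card code GIFT10 and the barrier that forces requests to overlap are constructed for the demonstration.

```python
import sqlite3
import threading

N = 5                      # constructed: number of simultaneous requests
stmt = threading.Lock()    # one statement at a time on the shared connection

def make_db():
    db = sqlite3.connect(":memory:", check_same_thread=False, isolation_level=None)
    db.execute("CREATE TABLE card (code TEXT PRIMARY KEY, value INT, redeemed INT)")
    db.execute("CREATE TABLE account (id INT PRIMARY KEY, balance INT)")
    db.execute("INSERT INTO card VALUES ('GIFT10', 10, 0)")  # constructed data
    db.execute("INSERT INTO account VALUES (1, 0)")
    return db

def q(db, sql, args=()):
    with stmt:
        cur = db.execute(sql, args)
        return cur.fetchall(), cur.rowcount

def redeem_vulnerable(db, code, gate):
    # Check and update are separate steps (check-then-act).
    rows, _ = q(db, "SELECT value, redeemed FROM card WHERE code=?", (code,))
    value, redeemed = rows[0]
    if redeemed:
        return False
    gate.wait()  # race window: every request has already passed the check
    q(db, "UPDATE card SET redeemed=1 WHERE code=?", (code,))
    q(db, "UPDATE account SET balance=balance+? WHERE id=1", (value,))
    return True

def redeem_atomic(db, code, gate):
    gate.wait()  # requests still arrive together
    # The check lives inside the UPDATE, so only one request can claim the card.
    _, claimed = q(db, "UPDATE card SET redeemed=1 WHERE code=? AND redeemed=0", (code,))
    if claimed != 1:
        return False
    # A real service would run claim and credit in one transaction.
    q(db, "UPDATE account SET balance=balance+"
          "(SELECT value FROM card WHERE code=?) WHERE id=1", (code,))
    return True

def run(redeem):
    db, gate, results = make_db(), threading.Barrier(N), []
    workers = [threading.Thread(target=lambda: results.append(redeem(db, "GIFT10", gate)))
               for _ in range(N)]
    for w in workers: w.start()
    for w in workers: w.join()
    return sum(results), q(db, "SELECT balance FROM account WHERE id=1")[0][0][0]

if __name__ == "__main__":
    print("vulnerable (successes, balance):", run(redeem_vulnerable))
    print("atomic     (successes, balance):", run(redeem_atomic))
```

In the vulnerable form every request is credited; in the atomic form the affected-row count of the conditional UPDATE decides which single request succeeds.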

Burp: Send Parallel

A simple way to test for a (low-level) race condition is to use Burp Repeater.

  1. Send the same request to Burp Repeater multiple times

  2. Right-click -> Move tab to Group (mark requests)

  3. Send the group in parallel (single-packet attack)
