Skip to content
/ yuge Public

⚡ HTTP race condition testing tool. Sends a yuge amount of requests to a single endpoint in a short window of time by withholding the last byte of each request.

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bruunand/yuge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
samples
samples
 
 
src/main/kotlin/dk/anderslangballe
src/main/kotlin/dk/anderslangballe
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Yuge

Sends a yuge amount of HTTP requests to a single endpoint in a short window of time by withholding the last byte of each request. Use this research tool to test potential race condition exploits in your own software. Can be considered a standalone/Dockerized version of PortSwiggers's Turbo Intruder extension. Check out their article and extension on GitHub, which provides additional functionality for advanced users. You can also read more about race conditions in web applications.

Usage

Build the Docker image:

docker build . -t yuge:latest

Run an attack:

docker run --read-only \
-v ${PWD}/samples:/root/samples \
-e TARGET_HOST=localhost \
-e TARGET_PORT=5000 \
-e NUMBER_OF_REQUESTS=100 \
-e REQUEST_FILE=sample.request \
yuge:latest

The example above sends 100 requests to localhost:5000 using the contents of samples/sample.request.

About

⚡ HTTP race condition testing tool. Sends a yuge amount of requests to a single endpoint in a short window of time by withholding the last byte of each request.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages