The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Lab: Multi-endpoint race conditions - I don't understand why it works as it is

Jack | Last updated: Jul 01, 2024 10:03PM UTC

A) Basically we send a GET request to the home page (/), which starts the cookie session validation process, which takes 700ms.

B) Then we quickly send POST requests to add items to the cart and to check out.

I don't understand how A is related to B. My theory: when request A was started, somehow the next requests (B) know that a session validation is in progress and they don't validate the cookie again for the requests at B (warm-up effect), and this warmed state is kept for like 1-2 minutes? But how is A related to the checkout logic flow at requests B?

Sorry for the confusion, I am stunned at how hard this one lab is for me to understand. I hope somebody can help me out with a detailed, compact explanation. Thank you.

Ben, PortSwigger Agent | Last updated: Jul 02, 2024 12:38PM UTC

Hi Jack,

This is touched upon in steps 3, 4, 5 and 6 of the 'Benchmark the behaviour' part of the solution. You are, effectively, testing the behaviour of the site at this point in time - the first request in sequence 'warms' the connection and allows the following requests to be completed quicker, but this behaviour is not tied to the processing times of the endpoint and will not really impact your attack in any meaningful way.

The GET request introduced in step 5 of the solution is simply there to test and confirm that the 'warming' of the connection happens with the first request regardless of what that request is.

Jack | Last updated: Jul 02, 2024 07:10PM UTC

Thank you. And just one small question: why do we need to warm up the connection? It seems to me that it is not only for showcasing something, but it has an impact on the actual lab --> If we don't warm /, the other 2 requests would be too far from each other in time to use the race window? So what is the actual race window here: if the warm-up takes 700ms and the other 2 requests take 200ms, is the time window 500ms?

Really, thank you. I am so confused by this lab that I am breaking my belief in myself :-)

Ben, PortSwigger Agent | Last updated: Jul 03, 2024 12:25PM UTC

Hi Jack,

Have you read the learning material associated with this topic? There is some discussion on this on the following page (specifically within the 'Aligning multi-endpoint race windows' -> 'Connection warming' section): https://portswigger.net/web-security/race-conditions

Jack | Last updated: Jul 03, 2024 05:00PM UTC