Experimental: This is an experimental project. It works, but I am looking for feedback and help from the community to improve this tool.
Rage Racer is an easy to use HTTP race condition testing tool. It fires off multiple requests instantly allowing you to test for race conditions in web applications.
For example, imagine a store allows you to redeem a gift card. You enter a voucher code, press a button, and your credit is applied to your account. What if you was able to send 10 requests instantly, very quickly, and have your account credited 10 times?
... this is a common problem and is one attackers often exploit.
Yarn
yarn global add rage-racer
NPM
npm install -g rage-racer
A session is a .json file that contains data required to replay a request.
{
"url": "https://requestb.in/q1zrf3q2",
"method": "POST",
"payload": "a=1&b=2&c=3",
"tries": 10,
"headers": {
"cookie": "username=lul&password=dank",
"user-agent": "DankBro"
},
"redirect": "follow"
}
url: (required) The URL to make the request tomethod: (optional) HTTP method. Default: GETpayload: (optional) Payload for POST requests onlytries: (optional) Number of times to send a request. Default: 10headers: (optional) HTTP headersredirect: (optional) Set to manual to disable location following. Default: followNote: To send cookies include the cookie string with the headers.
rageracer --config session.json
Once complete Rage Racer returns the response data for each request in json format to STDOUT. Each request returns the following object:
{
"url": "...",
"body": "...",
"status": "...",
"headers": "..."
}
url: Response URLbody: Response bodystatus: Response status codeheaders: Response headersThis is useful for piping into files, or other software.
This is an open source project. If you can improve it create a fork and submit a PR :)
FAQs
The npm package rage-racer receives a total of 8 weekly downloads. As such, rage-racer popularity was classified as not popular.
We found that rage-racer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.