Timed requests/responses help

Dr1v3n · February 10, 2020, 4:41am

When I am pentesting an API, sometimes there are timed requests/responses. What I mean is that if I have proxy enabled, the server or app is expecting a response within a few seconds, and this is not enough time for me to edit the request or response body when I am intercepting the traffic. This occurs for example with a “heartbeat” request. It expects a heartbeat every 10 seconds and when it doesn’t hear back due to my proxy, it detects something is wrong.

How can I manipulate these types of requests without alerting the system that there is a proxy?

BugHunt3r101 · July 20, 2022, 11:56pm

I never messed around with it but on top my head, can you set an intruder attack every 5-8 seconds and send a heartbeat? Maybe make sure you have a fast connection (connected via wire) and make sure your not overloading your network or pc when trying to edit request (quickly). Just thoughts!

Topic		Replies	Views
LevelUp 0x03 - Turbo Intruder: Abusing HTTP Misfeatures to Accelerate Attacks by albinowax LevelUp Conference	1	3414	December 11, 2019
Need API hacking protips Starter Zone	1	8499	December 10, 2020
Admin Backend visible 403 Unauthorized Web Hacking	1	3102	July 25, 2022
Looking for ways to do some undetecable web crawling Recon Techniques	10	4135	October 23, 2018
XXE clarification Starter Zone	3	2665	August 5, 2017

Timed requests/responses help

Related topics