Timed requests/responses help

Dr1v3n · February 10, 2020, 4:41am

When I am pentesting an API, sometimes there are timed requests/responses. What I mean is that if I have proxy enabled, the server or app is expecting a response within a few seconds, and this is not enough time for me to edit the request or response body when I am intercepting the traffic. This occurs for example with a “heartbeat” request. It expects a heartbeat every 10 seconds and when it doesn’t hear back due to my proxy, it detects something is wrong.

How can I manipulate these types of requests without alerting the system that there is a proxy?

BugHunt3r101 · July 20, 2022, 11:56pm

I never messed around with it but on top my head, can you set an intruder attack every 5-8 seconds and send a heartbeat? Maybe make sure you have a fast connection (connected via wire) and make sure your not overloading your network or pc when trying to edit request (quickly). Just thoughts!

Topic		Replies	Views
LevelUp 0x03 - Turbo Intruder: Abusing HTTP Misfeatures to Accelerate Attacks by albinowax LevelUp Conference	1	2993	December 11, 2019
Need API hacking protips Starter Zone	1	6259	December 10, 2020
Admin Backend visible 403 Unauthorized Web Hacking	1	2564	July 25, 2022
Looking for ways to do some undetecable web crawling Recon Techniques	10	3713	October 23, 2018
HTTP request smuggling attack Starter Zone	2	2055	December 22, 2019

Timed requests/responses help

Related Topics