OSCP · OSWP · PWPP · PWPA · PAPA · EnCE · Linux+ · LPIC-1 · Network+ · Security+ · Pentest+ · eJPT · eWPT · BSc · PGCert
Shady Oaks Financial writeup (Race Condition)

Step 1: Register
Register and you’ll soon find yourself on the main dashboard. Click on “Exchange”.

Step 2: Proxy traffic
Proxy your traffic through Burp/Caido and type in an amount, e.g. 50, then hit convert:

Step 3: Repeat, Repeater, Repeat!
Right-click and hit “Send to Repeater”. Do this several times.

You should end up with multiple tabs. Select the first of the tabs, right-click and choose “Add tab to group”.

Select the tabs containing this request that you sent to Repeater and hit “Create”:

Now you will have a group that looks like this:

Step 4: Send in parallel
Select the drop down arrow and then “Send group in parallel”:

Now click “Send group (parallel)” (note: this may take several attempts to run down your balance in the app):

Step 5: Get the flag
The parallel requests trigger the race condition: once your balance drops below a certain level, the flag appears in the response:
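
Why sending the group in parallel works, and what the fix looks like: the exchange endpoint checks the balance and then debits it as two separate steps, so several requests that all pass the check before any debit lands can overspend. The model below is an added example written for this writeup, not the challenge's own code; the `Account` class, the amounts and the use of a barrier to hold every request in the check-to-debit window are all constructed assumptions.

```python
import threading


class Account:
    """In-memory account modelling the challenge's exchange endpoint (constructed)."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def exchange_unsafe(self, amount, gate=None):
        # Check-then-act with no atomicity: every request that reads the
        # balance before anyone debits it passes the check (TOCTOU window).
        if self.balance < amount:
            return False
        if gate is not None:
            gate.wait()  # hold all requests in the window so the race is reproducible
        self.balance -= amount
        return True

    def exchange_safe(self, amount):
        # Check and debit under one lock, so concurrent requests serialise.
        # The SQL equivalent is a single conditional update such as
        # UPDATE accounts SET balance = balance - :amt WHERE id = :id AND balance >= :amt
        with self._lock:
            if self.balance < amount:
                return False
            self.balance -= amount
            return True


def run_parallel(account, amount, n, unsafe):
    """Fire n identical exchange requests at once, like Repeater's 'Send group (parallel)'.
    Returns (number of successful exchanges, final balance)."""
    results = [False] * n
    gate = threading.Barrier(n) if unsafe else None

    def worker(i):
        if unsafe:
            results[i] = account.exchange_unsafe(amount, gate)
        else:
            results[i] = account.exchange_safe(amount)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), account.balance


if __name__ == "__main__":
    print("unsafe:", run_parallel(Account(100), 50, 5, unsafe=True))   # (5, -150)
    print("safe:  ", run_parallel(Account(100), 50, 5, unsafe=False))  # (2, 0)
```

With a starting balance of 100 and five parallel requests for 50, the unsafe version approves all five and drives the balance negative (the state the flag check keys on), while the locked version approves exactly two and stops at zero.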

Thanks for reading!