LogicProbe is a specialized security tool for discovering business logic vulnerabilities in APIs and web applications. It tests multi-step flows via state machine modeling and automates fuzzing of out-of-order execution paths.
Made by baba01hacker.
- State Machine Modeling: Define complex multi-step user journeys (e.g., cart -> checkout -> payment).
- Automated Fuzzing: Automatically permutes the steps to execute them out of order and uncover race conditions, skipped validations, or state vulnerabilities.
- Cookie & Session Handling: Maintains session state throughout the defined flow automatically.
You can install LogicProbe directly via pip:
pip install logicprobeOr from source:
git clone https://github.com/Baba01hacker666/logicprobe.git
cd logicprobe
pip install .logicprobe -u <url> -f <state_machine.json> [options]-u,--url: Target base URL (required)-f,--file: State machine JSON definition file (required)--fuzz: Fuzz state transitions (out of order execution)
First, define a state machine in a JSON file (e.g., checkout_flow.json):
{
"steps": {
"add_to_cart": {
"endpoint": "/api/cart",
"method": "POST",
"data": {"item_id": 123, "qty": 1},
"expected_status": 200
},
"apply_coupon": {
"endpoint": "/api/coupon",
"method": "POST",
"data": {"code": "FREE100"},
"expected_status": 200
},
"checkout": {
"endpoint": "/api/checkout",
"method": "POST",
"data": {},
"expected_status": 200
}
},
"flows": [
["add_to_cart", "apply_coupon", "checkout"]
]
}Run LogicProbe to execute the defined flow:
logicprobe -u https://api.target.com -f checkout_flow.jsonOr fuzz the state transitions to find logic bypasses:
logicprobe -u https://api.target.com -f checkout_flow.json --fuzzThis tool is for educational purposes and authorized security testing only. The author is not responsible for any misuse.