timing_attack 0.5.0 → 0.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +17 -3
- data/exe/timing_attack +3 -1
- data/lib/timing_attack/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3fd67bcf5ff8a36acd3bbaeada7e307985a07b3b
|
|
4
|
+
data.tar.gz: b9f7fdce31779f1e273adaa8d471af631b25d54f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4d44502e88a51e759503ac98b9ab318330cdfa27cd2d163789c83c5f062b430688c80b7f0d0fcb72fe0499cf01f76ce606d522b6d3ff6dfc01fb6c10ba0f2b09
|
|
7
|
+
data.tar.gz: 2fb6deeb33595604a0447efa4d95818638ccaefab25fdc58d241ca9708015c976299333e08c46d4a4ac78033629250d0f566126f3f46a376a69e6825d77ebd39
|
data/README.md
CHANGED
|
@@ -17,15 +17,17 @@ If you need a known-vulnerable application for testing and/or development, see
|
|
|
17
17
|
|
|
18
18
|
```
|
|
19
19
|
timing_attack [options] -u <target> <inputs>
|
|
20
|
-
-u, --url URL URL of endpoint to profile
|
|
20
|
+
-u, --url URL URL of endpoint to profile. 'INPUT' will be replaced with the attack string
|
|
21
21
|
-n, --number NUM Requests per input (default: 50)
|
|
22
22
|
-c, --concurrency NUM Number of concurrent requests (default: 15)
|
|
23
23
|
-t, --threshold NUM Minimum threshold, in seconds, for meaningfulness (default: 0.025)
|
|
24
24
|
-p, --post Use POST, not GET
|
|
25
25
|
-q, --quiet Quiet mode (don't display progress bars)
|
|
26
|
-
|
|
26
|
+
-b, --brute-force Brute force mode
|
|
27
27
|
--parameters STR JSON hash of parameters. 'INPUT' will be replaced with the attack string
|
|
28
28
|
--body STR JSON of body paramets to be sent to Typhoeus. 'INPUT' will be replaced with the attack string
|
|
29
|
+
--http-username STR HTTP basic authentication username. 'INPUT' will be replaced with the attack string
|
|
30
|
+
--http-password STR HTTP basic authentication password. 'INPUT' will be replaced with the attack string
|
|
29
31
|
--percentile NUM Use NUMth percentile for calculations (default: 3)
|
|
30
32
|
--mean Use mean for calculations
|
|
31
33
|
--median Use median for calculations
|
|
@@ -75,11 +77,23 @@ attack due to an early return in string comparison. We can attack it with
|
|
|
75
77
|
```bash
|
|
76
78
|
timing_attack -u http://localhost:3000/timing/string_comparison \
|
|
77
79
|
--parameters '{"password":"INPUT"}' \
|
|
78
|
-
--
|
|
80
|
+
--brute-force
|
|
79
81
|
```
|
|
80
82
|
This will attempt a brute-force timing attack against against the `password`
|
|
81
83
|
parameter.
|
|
82
84
|
|
|
85
|
+
### Specifying inputs
|
|
86
|
+
The URL itself (`--url`), URL parameters (`--parameters`), and the HTTP body
|
|
87
|
+
(`--body`) can all contain the string `INPUT`. `INPUT` will be replaced with
|
|
88
|
+
the current attack string, whether it is specified on the command line (as in
|
|
89
|
+
enumeration mode), or generated by timing_attack (as in brute force mode).
|
|
90
|
+
|
|
91
|
+
To perform a timing attack against HTTP basic authentication, `--http-username`
|
|
92
|
+
and `--http-password` can be specified. `INPUT` will be replaced with the
|
|
93
|
+
current attack string as above.
|
|
94
|
+
|
|
95
|
+
The `--parameters` and `--body` options must be specified in JSON format.
|
|
96
|
+
|
|
83
97
|
## How it works
|
|
84
98
|
|
|
85
99
|
The various inputs are each thrown at the endpoint `--number` times. The
|
data/exe/timing_attack
CHANGED
|
@@ -19,7 +19,9 @@ class TimingAttackCli
|
|
|
19
19
|
@opt_parser ||= OptionParser.new do |opts|
|
|
20
20
|
opts.program_name = File.basename(__FILE__)
|
|
21
21
|
opts.banner = "#{opts.program_name} [options] -u <target> <inputs>"
|
|
22
|
-
opts.on("-u URL", "--url URL", "URL of endpoint to profile")
|
|
22
|
+
opts.on("-u URL", "--url URL", "URL of endpoint to profile. 'INPUT' will be replaced with the attack string") do |str|
|
|
23
|
+
options[:url] = str
|
|
24
|
+
end
|
|
23
25
|
opts.on("-n NUM", "--number NUM", "Requests per input (default: 50)") do |num|
|
|
24
26
|
options[:iterations] = num.to_i
|
|
25
27
|
end
|