timing_attack 0.5.0 → 0.5.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 5287eec2e908eee5eb488df3f54f34331db4657e
4
- data.tar.gz: 411d19b42241bd668205812445bae18139bb8292
3
+ metadata.gz: 3fd67bcf5ff8a36acd3bbaeada7e307985a07b3b
4
+ data.tar.gz: b9f7fdce31779f1e273adaa8d471af631b25d54f
5
5
  SHA512:
6
- metadata.gz: 494cc10f5f13d3fc1057c8b697cfa5ab3a66f1982f08d8178105729ec0c3feb672510408a53c426ad719197d1cbc2d81f79b5420cda67ae2bdb54818540d6470
7
- data.tar.gz: d89c6979cb2cb61cd73bafaec6d5d5e0304a87e65e09ceec332dd0623d49e2384d22ba80fa81f6ff5912bd26f0abc0e9c7caad727ad6a70cf7a8dfd7940b0964
6
+ metadata.gz: 4d44502e88a51e759503ac98b9ab318330cdfa27cd2d163789c83c5f062b430688c80b7f0d0fcb72fe0499cf01f76ce606d522b6d3ff6dfc01fb6c10ba0f2b09
7
+ data.tar.gz: 2fb6deeb33595604a0447efa4d95818638ccaefab25fdc58d241ca9708015c976299333e08c46d4a4ac78033629250d0f566126f3f46a376a69e6825d77ebd39
data/README.md CHANGED
@@ -17,15 +17,17 @@ If you need a known-vulnerable application for testing and/or development, see
17
17
 
18
18
  ```
19
19
  timing_attack [options] -u <target> <inputs>
20
- -u, --url URL URL of endpoint to profile
20
+ -u, --url URL URL of endpoint to profile. 'INPUT' will be replaced with the attack string
21
21
  -n, --number NUM Requests per input (default: 50)
22
22
  -c, --concurrency NUM Number of concurrent requests (default: 15)
23
23
  -t, --threshold NUM Minimum threshold, in seconds, for meaningfulness (default: 0.025)
24
24
  -p, --post Use POST, not GET
25
25
  -q, --quiet Quiet mode (don't display progress bars)
26
- --brute_force Brute force mode
26
+ -b, --brute-force Brute force mode
27
27
  --parameters STR JSON hash of parameters. 'INPUT' will be replaced with the attack string
28
28
  --body STR JSON of body paramets to be sent to Typhoeus. 'INPUT' will be replaced with the attack string
29
+ --http-username STR HTTP basic authentication username. 'INPUT' will be replaced with the attack string
30
+ --http-password STR HTTP basic authentication password. 'INPUT' will be replaced with the attack string
29
31
  --percentile NUM Use NUMth percentile for calculations (default: 3)
30
32
  --mean Use mean for calculations
31
33
  --median Use median for calculations
@@ -75,11 +77,23 @@ attack due to an early return in string comparison. We can attack it with
75
77
  ```bash
76
78
  timing_attack -u http://localhost:3000/timing/string_comparison \
77
79
  --parameters '{"password":"INPUT"}' \
78
- --brute_force
80
+ --brute-force
79
81
  ```
80
82
  This will attempt a brute-force timing attack against against the `password`
81
83
  parameter.
82
84
 
85
+ ### Specifying inputs
86
+ The URL itself (`--url`), URL parameters (`--parameters`), and the HTTP body
87
+ (`--body`) can all contain the string `INPUT`. `INPUT` will be replaced with
88
+ the current attack string, whether it is specified on the command line (as in
89
+ enumeration mode), or generated by timing_attack (as in brute force mode).
90
+
91
+ To perform a timing attack against HTTP basic authentication, `--http-username`
92
+ and `--http-password` can be specified. `INPUT` will be replaced with the
93
+ current attack string as above.
94
+
95
+ The `--parameters` and `--body` options must be specified in JSON format.
96
+
83
97
  ## How it works
84
98
 
85
99
  The various inputs are each thrown at the endpoint `--number` times. The
data/exe/timing_attack CHANGED
@@ -19,7 +19,9 @@ class TimingAttackCli
19
19
  @opt_parser ||= OptionParser.new do |opts|
20
20
  opts.program_name = File.basename(__FILE__)
21
21
  opts.banner = "#{opts.program_name} [options] -u <target> <inputs>"
22
- opts.on("-u URL", "--url URL", "URL of endpoint to profile") { |str| options[:url] = str }
22
+ opts.on("-u URL", "--url URL", "URL of endpoint to profile. 'INPUT' will be replaced with the attack string") do |str|
23
+ options[:url] = str
24
+ end
23
25
  opts.on("-n NUM", "--number NUM", "Requests per input (default: 50)") do |num|
24
26
  options[:iterations] = num.to_i
25
27
  end
@@ -1,3 +1,3 @@
1
1
  module TimingAttack
2
- VERSION = "0.5.0"
2
+ VERSION = "0.5.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: timing_attack
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Forrest Fleming