timing_attack 0.6.0 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +17 -10
- data/exe/timing_attack +6 -0
- data/lib/timing_attack/attacker.rb +5 -3
- data/lib/timing_attack/spinner.rb +4 -3
- data/lib/timing_attack/test_case.rb +5 -3
- data/lib/timing_attack/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a9dad3ef8376bd88e79bcd12837a63ba8f3a13bc
|
|
4
|
+
data.tar.gz: e9264080d5a988ec447116417c9a70d90651dad9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c30183c4cad7f9aab7d7b4ad38ea8bdecbf33462d5e6bb665259f216682ceae8d5665fd09f8641f2173cfb2b189cb2f3207aa9f4fa6efdbef49d928d39298c2
|
|
7
|
+
data.tar.gz: 8176233a6769ddbba0c37e74dd7b640af90b476bf90a0600e3ae57c83d1cf87468e3cbdd1eeec3c9d8b3530b948b597c95b4f2007df4444e5d5d238a48329bdf
|
data/README.md
CHANGED
|
@@ -29,6 +29,8 @@ timing_attack [options] -u <target> <inputs>
|
|
|
29
29
|
-i, --inputs-file FILE Read inputs from specified file, one per line
|
|
30
30
|
--parameters STR JSON hash of URL parameters. 'INPUT' will be replaced with the attack string
|
|
31
31
|
--parameters-file FILE Name of file containing parameters as with --parameters
|
|
32
|
+
--headers STR JSON hash of headers. 'INPUT' will be replaced with the attack string
|
|
33
|
+
--headers-file FILE Name of file containing headers as with --headers
|
|
32
34
|
--body STR JSON hash of parameters to be included in the request body. 'INPUT' will be replaced with the attack string
|
|
33
35
|
--body-file FILE Name of file containing parameters as with --body
|
|
34
36
|
--http-username STR HTTP basic authentication username. 'INPUT' will be replaced with the attack string
|
|
@@ -42,9 +44,12 @@ timing_attack [options] -u <target> <inputs>
|
|
|
42
44
|
|
|
43
45
|
Note that setting concurrency too high can add significant jitter to your results. If you know that your inputs contain elements in both long and short response groups but your results are bogus, try backing off on concurrency. The default value of 15 is a good starting place for robust remote targets, but you might need to dial it back to as far as 1 (especially if you're attacking a single-threaded server)
|
|
44
46
|
|
|
45
|
-
For the `url`, `body`,
|
|
47
|
+
For the `url`, `body`, `headers`, `--http-password`, `http-username`, and
|
|
48
|
+
`parameters` options, the string `INPUT` can be included. It will be replaced
|
|
49
|
+
with the current test string.
|
|
46
50
|
|
|
47
|
-
The `body` and `parameters` options take objects serialized with
|
|
51
|
+
The `body`, `headers`, and `parameters` options take objects serialized with
|
|
52
|
+
JSON.
|
|
48
53
|
|
|
49
54
|
### Enumeration
|
|
50
55
|
|
|
@@ -88,10 +93,11 @@ This will attempt a brute-force timing attack against against the `password`
|
|
|
88
93
|
parameter.
|
|
89
94
|
|
|
90
95
|
### Specifying inputs
|
|
91
|
-
The URL itself (`--url`), URL parameters (`--parameters`),
|
|
92
|
-
(`--body`) can all contain the string `INPUT`.
|
|
93
|
-
the current attack string, whether it is
|
|
94
|
-
|
|
96
|
+
The URL itself (`--url`), URL parameters (`--parameters`), HTTP body
|
|
97
|
+
(`--body`), and HTTP headers (`--headers`) can all contain the string `INPUT`.
|
|
98
|
+
`INPUT` will be replaced with the current attack string, whether it is
|
|
99
|
+
specified on the command line (as in enumeration mode), or generated by
|
|
100
|
+
timing_attack (as in brute force mode).
|
|
95
101
|
|
|
96
102
|
To perform a timing attack against HTTP basic authentication, `--http-username`
|
|
97
103
|
and `--http-password` can be specified. `INPUT` will be replaced with the
|
|
@@ -101,10 +107,11 @@ The `--parameters` and `--body` options must be specified in JSON format.
|
|
|
101
107
|
|
|
102
108
|
## Reading from files
|
|
103
109
|
|
|
104
|
-
Body contents, parameters, and inputs can all be read from a file
|
|
105
|
-
the comamnd line with `--body-file`, `--parameters-file`,
|
|
106
|
-
|
|
107
|
-
|
|
110
|
+
Body contents, parameters, headers, and inputs can all be read from a file
|
|
111
|
+
specified on the comamnd line with `--body-file`, `--parameters-file`,
|
|
112
|
+
`--headers-file`, and `--inputs-file` respectively. `--body-file`,
|
|
113
|
+
`--parameters-file`, and `--headers-file` expect the file's contents to be a
|
|
114
|
+
JSON hash; `--inputs-file` simply expects one input per line.
|
|
108
115
|
|
|
109
116
|
Example:
|
|
110
117
|
```
|
data/exe/timing_attack
CHANGED
|
@@ -61,6 +61,12 @@ class TimingAttackCli
|
|
|
61
61
|
opts.on("--parameters-file FILE", "Name of file containing parameters as with --parameters") do |str|
|
|
62
62
|
options[:params] = json_file(str)
|
|
63
63
|
end
|
|
64
|
+
opts.on("--headers STR", "JSON hash of headers. 'INPUT' will be replaced with the attack string") do |str|
|
|
65
|
+
options[:headers] = JSON.parse(str)
|
|
66
|
+
end
|
|
67
|
+
opts.on("--headers-file FILE", "Name of file containing headers as with --headers") do |str|
|
|
68
|
+
options[:headers] = json_file(str)
|
|
69
|
+
end
|
|
64
70
|
opts.on("--body STR", "JSON hash of parameters to be included in the request body. 'INPUT' will be replaced with the attack string") do |str|
|
|
65
71
|
options[:body] = JSON.parse(str)
|
|
66
72
|
end
|
|
@@ -4,7 +4,7 @@ module TimingAttack
|
|
|
4
4
|
@options = default_options.merge(options)
|
|
5
5
|
raise ArgumentError.new("Must provide url") if url.nil?
|
|
6
6
|
unless specified_input_option?
|
|
7
|
-
msg = "'#{INPUT_FLAG}' not found in url, parameters, body, or HTTP authentication options"
|
|
7
|
+
msg = "'#{INPUT_FLAG}' not found in url, parameters, body, headers, or HTTP authentication options"
|
|
8
8
|
raise ArgumentError.new(msg)
|
|
9
9
|
end
|
|
10
10
|
raise ArgumentError.new("Iterations can't be < 3") if iterations < 3
|
|
@@ -15,6 +15,7 @@ module TimingAttack
|
|
|
15
15
|
puts "Target: #{url}"
|
|
16
16
|
puts "Method: #{method.to_s.upcase}"
|
|
17
17
|
puts "Parameters: #{params.inspect}" unless params.empty?
|
|
18
|
+
puts "Headers: #{headers.inspect}" unless headers.empty?
|
|
18
19
|
puts "Body: #{body.inspect}" unless body.empty?
|
|
19
20
|
end
|
|
20
21
|
attack!
|
|
@@ -23,7 +24,7 @@ module TimingAttack
|
|
|
23
24
|
private
|
|
24
25
|
attr_reader :attacks, :options
|
|
25
26
|
|
|
26
|
-
%i(iterations url verbose width method mean percentile threshold concurrency params body).each do |sym|
|
|
27
|
+
%i(iterations url verbose width method mean percentile threshold concurrency params body headers).each do |sym|
|
|
27
28
|
define_method(sym) { options.fetch sym }
|
|
28
29
|
end
|
|
29
30
|
alias_method :verbose?, :verbose
|
|
@@ -39,6 +40,7 @@ module TimingAttack
|
|
|
39
40
|
concurrency: 15,
|
|
40
41
|
params: {},
|
|
41
42
|
body: {},
|
|
43
|
+
headers: {},
|
|
42
44
|
basic_auth_username: "",
|
|
43
45
|
basic_auth_password: ""
|
|
44
46
|
}.freeze
|
|
@@ -58,7 +60,7 @@ module TimingAttack
|
|
|
58
60
|
end
|
|
59
61
|
|
|
60
62
|
def input_options
|
|
61
|
-
@input_options ||= %i(basic_auth_password basic_auth_username body params url)
|
|
63
|
+
@input_options ||= %i(basic_auth_password basic_auth_username body params url headers)
|
|
62
64
|
end
|
|
63
65
|
|
|
64
66
|
def specified_input_option?
|
|
@@ -3,9 +3,10 @@ module TimingAttack
|
|
|
3
3
|
|
|
4
4
|
STATES = %w(| / - \\)
|
|
5
5
|
def increment
|
|
6
|
-
@
|
|
7
|
-
@
|
|
8
|
-
|
|
6
|
+
@_spinner ||= 0
|
|
7
|
+
print "\r #{STATES[@_spinner % STATES.length]}"
|
|
8
|
+
@_spinner += 1
|
|
9
|
+
@_spinner = 0 if @_spinner >= STATES.length
|
|
9
10
|
end
|
|
10
11
|
end
|
|
11
12
|
end
|
|
@@ -13,8 +13,9 @@ module TimingAttack
|
|
|
13
13
|
options.fetch(:url).
|
|
14
14
|
gsub(INPUT_FLAG, input)
|
|
15
15
|
)
|
|
16
|
-
@params = params_from(options.fetch
|
|
17
|
-
@body = params_from(options.fetch
|
|
16
|
+
@params = params_from(options.fetch(:params, {}))
|
|
17
|
+
@body = params_from(options.fetch(:body, {}))
|
|
18
|
+
@headers = params_from(options.fetch(:headers, {}))
|
|
18
19
|
@basic_auth_username = params_from(
|
|
19
20
|
options.fetch(:basic_auth_username, "")
|
|
20
21
|
)
|
|
@@ -36,6 +37,7 @@ module TimingAttack
|
|
|
36
37
|
}.tap do |h|
|
|
37
38
|
h[:params] = params unless params.empty?
|
|
38
39
|
h[:body] = body unless body.empty?
|
|
40
|
+
h[:headers] = headers unless headers.empty?
|
|
39
41
|
h[:userpwd] = typhoeus_basic_auth unless typhoeus_basic_auth.empty?
|
|
40
42
|
end
|
|
41
43
|
end
|
|
@@ -85,6 +87,6 @@ module TimingAttack
|
|
|
85
87
|
end
|
|
86
88
|
|
|
87
89
|
attr_reader :times, :options, :percentiles, :url, :params, :body
|
|
88
|
-
attr_reader :basic_auth_username, :basic_auth_password
|
|
90
|
+
attr_reader :basic_auth_username, :basic_auth_password, :headers
|
|
89
91
|
end
|
|
90
92
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: timing_attack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Forrest Fleming
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-12-
|
|
11
|
+
date: 2017-12-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ruby-progressbar
|