GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → FSecureLABS → timeinator

FSecureLABS / timeinator

Licence: other
Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.

Programming Languages

python
139335 projects - #7 most used programming language
HTML
75241 projects

Timeinator

About

Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.

The attack mode is similar to the "sniper" mode in burp intruder, but instead of sending a single request for every payload, it is able to send multiple requests for each payload and display the minimum and maximum times taken to receive a response as well as the mean and median averages and the standard deviation.

In an effort to prevent slow DNS lookups introducing delays, the domain is resolved at the start of the attack before any http requests are made. In addition, the extension sends HTTP(S) requests sequentially to reduce the chance of delays being introduced by overloading the server.

Usage

  1. Enable the extension in order to add a tab titled Timeinator to the Burp Suite user interface.
  2. Send a request to the extension by right clicking on a request anywhere in Burp Suite and choosing the "Send To Timeinator" menu item. This will populate the "Attack" tab under the Timeinator tab.
  3. Select the section of the request that should be replaced with the payloads then click the "Add §" button. This will add a § symbol either side of the characters that should be replaced with the payload. More than one payload position can be chosen in a single request.
  4. Choose how many requests to make for each payload.
  5. Type or copy and paste the payloads into the "Payloads" text area. Place a single payload on each new line.
  6. Hit the "Start Attack" button. Results will be displayed in the Results" tab. If there is more than one payload then results will be colour coded to make timing differences easier to spot. Slower requests will be coloured red and faster requests will be coloured green.

Troubleshooting

This extension is written in Python and therefore requires Jython.

HTTP(S) requests made by this extension will not be shown in the proxy history, however extensions such as Logger++ (available from the BApp store) will do so.

Credits

Timeinator is by [email protected]

Thanks to:

  • @rbsec for adding standard deviation to the results
  • Oliver Simonnet for coming up with the "Timeinator" name
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].