Timing Attack Checker / tool / free

http://pentestmonkey.net/tools/timing-attack-ch...

A sweet little Perl script for pentesting timing attacks on logins, to brute-force guess lists of existing usernames.
submitted almost 3 years ago, by pineapple

1 Comment

pineapple

Cool script, here's a sample of something I just tried it on:

perl ./timing-attack-checker.pl -n 200 \
    'curl --data "username=z&password=nothing" http://localhost:3000/login' \
    'curl --data "username=zaphod&password=nothing" http://localhost:3000/login' \
    'curl --data "username=doesntexist&password=nothing" http://localhost:3000/login'

Sample output before attempting to counter a timing attack:

=================================================
Results for: curl --data "username=zaphod&password=nothing" http://localhost:3000/login
Average time: 0.069618335
Minimum time: 0.051241
Maximum time: 0.194459
Standard deviation: 0.0264472536189067 (i.e. 68% of times within 1 sd, 95% within 2 sd)
Was fastest on 0 out of 200 occassions (0% of the time)
Was slowest on 160 out of 200 occassions (80% of the time)
=================================================
Results for: curl --data "username=doesntexist&password=nothing" http://localhost:3000/login
Average time: 0.02706211
Minimum time: 0.019439
Maximum time: 0.099455
Standard deviation: 0.0170977406386897 (i.e. 68% of times within 1 sd, 95% within 2 sd)
Was fastest on 159 out of 200 occassions (79.5% of the time)
Was slowest on 18 out of 200 occassions (9% of the time)
=================================================
Results for: curl --data "username=z&password=nothing" http://localhost:3000/login
Average time: 0.033158755
Minimum time: 0.019987
Maximum time: 0.089747
Standard deviation: 0.0162291339527091 (i.e. 68% of times within 1 sd, 95% within 2 sd)
Was fastest on 41 out of 200 occassions (20.5% of the time)
Was slowest on 22 out of 200 occassions (11% of the time)
=================================================

pineapple, almost 3 years ago
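An added example, not part of the comment above or of the tool: one common way to close a login timing gap like the one in the sample output, shown beside the leaky form. It assumes the gap comes from skipping the slow password hash for unknown usernames (the page does not say how the app on localhost:3000 works); the function names, the user store and the password are constructed for illustration.

```python
import hashlib, hmac, os

KDF_CALLS = 0  # instrumentation for this example: counts slow hash runs

def kdf(password: str, salt: bytes) -> bytes:
    """Deliberately slow password hash (PBKDF2-HMAC-SHA256)."""
    global KDF_CALLS
    KDF_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, kdf(password, salt)

# Constructed user store: "zaphod" exists, "doesntexist" does not.
USERS = {"zaphod": make_record("correct horse")}
# Dummy record hashed once at startup, used when the username is unknown.
DUMMY = make_record(os.urandom(16).hex())

def login_leaky(username: str, password: str) -> bool:
    """Returns early for unknown users, so they skip the slow hash."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(kdf(password, salt), stored)

def login_uniform(username: str, password: str) -> bool:
    """Runs the same hash and comparison whether or not the user exists."""
    record = USERS.get(username)
    salt, stored = record if record is not None else DUMMY
    matches = hmac.compare_digest(kdf(password, salt), stored)
    return matches and record is not None

def kdf_cost(login, username: str) -> int:
    """Number of slow hash runs that one login attempt triggers."""
    before = KDF_CALLS
    login(username, "nothing")
    return KDF_CALLS - before

if __name__ == "__main__":
    for name in ("zaphod", "doesntexist"):
        print(name, kdf_cost(login_leaky, name), kdf_cost(login_uniform, name))
```

Re-running the same timing comparison against the changed handler is the way to confirm the gap has closed, since lookups, logging or lockout logic can still differ between the two paths.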

