View Issue Details

ID: 0003879
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2020-12-01 11:13
Reporter: fsf
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Summary: 0003879: timing_attack - Profiles web application endpoints and sorts according to response time to reveal timing differences and aid in
Description

I just released 0.5.3, which relaxes the version constraints of timing_attack to be compatible with a current Kali install. 0.5.3 builds fine for me on my Kali VM with gem2deb and installs, runs, etc. as expected. I'm happy to maintain the package as part of the release process on timing_attack - just point me at the documentation for PRs, your workflow, etc.

timing_attack itself is a gem that I built to enumerate timing vulnerabilities in web applications. It's been used for Real Work, though it's not the sort of thing that's going to have interesting whitepapers written about it. My main goal in writing it was being able to quickly test whether a couple known vulnerabilities had been fixed, so ease-of-use was paramount. I think it'd be a good addition to Kali, especially since its only two runtime dependencies are already included. Its brute-force mode isn't all that useful unless the app is doing some really weird hashing (it of course doesn't have resolution down to the handful of nanoseconds required), but enumeration mode works great for e.g. telling if entries exist in the application's database.

Activities

g0tmi1k

2018-01-29 15:15

administrator   ~0008489

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?

fsf

2018-02-17 17:36

reporter   ~0008691

  • [Name] - timing_attack
  • [Version] - 0.7.0
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag) Check
  • [Homepage] - https://github.com/ffleming/timing_attack
  • [Download] - https://github.com/ffleming/timing_attack, https://rubygems.org/gems/timing_attack
  • [Author] - Forrest Fleming
  • [Licence] - MIT
  • [Description] - Profiles web application endpoints and sorts according to response time to reveal timing differences and aid in enumeration
  • [Dependencies] - Ruby (typhoeus gem, ruby-progressbar gem)
  • [Similar tools] - Unsure; I wrote the tool because I could only find fairly obnoxious research-quality platforms, but I just wanted to enumerate some logins.
  • [How to install] - gem install timing_attack (or similar for apt-distributed gems)
  • [How to use] - timing_attack -q -u TARGET login1 login2 ... loginN

g0tmi1k

2020-03-30 14:36

administrator   ~0012564

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Issue History

Date Modified | Username | Field | Change
2017-02-14 04:13 | fsf | New Issue |
2018-01-29 10:33 | g0tmi1k | Summary | I'd like to include the timing_attack gem in Kali => timing_attack gem in Kali
2018-01-29 15:15 | g0tmi1k | Note Added: 0008489 |
2018-02-17 17:36 | fsf | Note Added: 0008691 |
2019-12-09 13:30 | g0tmi1k | Severity | tweak => feature
2020-03-30 14:36 | g0tmi1k | Note Added: 0012564 |
2020-03-30 14:36 | g0tmi1k | Status | new => acknowledged
2020-03-30 14:36 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition
2020-03-30 14:36 | g0tmi1k | Summary | timing_attack gem in Kali => timing_attack
2020-06-17 14:58 | g0tmi1k | Severity | feature => minor
2020-12-01 11:13 | g0tmi1k | Summary | timing_attack => timing_attack - Profiles web application endpoints and sorts according to response time to reveal timing differences and aid in