metasploit-framework
https://github.com/rapid7/metasploit-framework
Ruby
Metasploit Framework
Msf::Auxiliary::Web::Analysis::Timing#timeout_analysis
Performs timeout/time-delay analysis and logs an issue should there be one.
Fuzzer must provide:
- #seeds_for -- Array of Strings with server-side code which, when interpreted,
will cause a delay in response. Must include 'stub'.
Here's how it goes:
* Ensures that the server is responsive.
* Injects the seed and makes sure that the expected delay has been successfully introduced.
* Ensures that the server is responsive -- blocks until the attack has worn off.
* Increases the original delay and makes sure that the expected delay has been successfully introduced.
* Ensures that the server is responsive-- blocks until the attack has worn off.
* Logs the vulnerability.
opts - Options Hash (default: {})
:timeout - Integer amount of seconds to wait for the request to complete (default: 5)
:stub - String stub to be replaced by delay * multi (default: __TIME__)
:multi - Integer multiplier (stub = timeout * multi) (default: 1)Edit
git clone [email protected]:rapid7/metasploit-framework.git
cd metasploit-framework
open lib/msf/core/auxiliary/web/analysis/timing.rb
Contribute
# Make a new branchgit checkout -b -your-name--update-docs-Msf--Auxiliary--Web--Analysis--Timing-timeout_analysis-for-pr
# Commit to gitgit add lib/msf/core/auxiliary/web/analysis/timing.rbgit commit -m "better docs for Msf::Auxiliary::Web::Analysis::Timing#timeout_analysis"
# Open pull requestgem install hub # on a mac you can `brew install hub`
hub fork
git push <your name> -your-name--update-docs-Msf--Auxiliary--Web--Analysis--Timing-timeout_analysis-for-pr
hub pull-request
# Celebrate!