Class: Arachni::Plugins::TimingAttacks

Inherits:
Arachni::Plugin::Base show all
Defined in:
components/plugins/defaults/meta/remedies/timing_attacks.rb

Overview

Provides a notice for issues uncovered by timing attacks when the affected audited pages returned unusually high response times to begin with.

Author:

Constant Summary collapse

TAG =

Look for issue by tag name.

'timing'
TIME_THRESHOLD =

Response times of a page must be greater or equal to this in order to be considered.

0.6
REMARK =
'This issue was discovered using a timing-attack but the audited ' +
'page was exhibiting unusually high response times to begin with. ' +
'This could be an indication that the logged issue is a false positive.'

Constants included from Arachni

BANNER, Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML

Instance Attribute Summary

Attributes inherited from Arachni::Plugin::Base

#framework, #options

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Arachni::Plugin::Base

#browser_cluster, #clean_up, distributable, distributable?, #framework_abort, #framework_pause, #framework_resume, gems, #http, #info, #initialize, is_distributable, merge, #register_results, #session, #wait_while_framework_running, #with_browser

Methods inherited from Component::Base

author, description, fullname, #shortname, shortname, shortname=, version

Methods included from Component::Output

#depersonalize_output, #depersonalize_output?, #intercept_print_message

Methods included from UI::Output

#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on

Methods included from Component::Utilities

#read_file

Methods included from Utilities

#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from Arachni

URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?

Constructor Details

This class inherits a constructor from Arachni::Plugin::Base

Class Method Details

.infoObject


77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 77

def self.info
    {
        name:        'Timing attack anomalies',
        description: %q{
Analyzes the scan results and logs issues that used timing attacks while the
affected web pages demonstrated an unusually high response time; a situation
which renders the logged issues inconclusive or (possibly) false positives.

Pages with high response times usually include heavy-duty processing which makes
them prime targets for Denial-of-Service attacks.
},
        author:      'Tasos "Zapotek" Laskos <[email protected]>',
        version:     '0.3.1',
        tags:        %w(anomaly timing attacks meta)
    }
end

Instance Method Details

#prepareObject


28
29
30
31
# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 28

def prepare
    @times   = {}
    @counter = {}
end

#restore(data) ⇒ Object


33
34
35
# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 33

def restore( data )
    @times, @counter = *data
end

#runObject


37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 37

def run
    # Run for each response as it arrives.
    http.on_complete do |response|
        # We don't care about non OK responses.
        next if response.code != 200

        url = response.parsed_url.up_to_path.persistent_hash

        @counter[url] ||= @times[url] ||= 0

        # Add up all request times for a specific path.
        @times[url] += response.time

        # Add up all requests for each path.
        @counter[url] += 1
    end

    wait_while_framework_running

    avg = {}

    # Calculate average request time for each path.
    @times.each_pair { |url, time| avg[url] = time / @counter[url] }

    Data.issues.each do |issue|
        response_time = avg[uri_parse( issue.vector.action ).up_to_path.persistent_hash]
        next if !issue.tags.includes_tags?( TAG ) || !response_time ||
            response_time < TIME_THRESHOLD

        issue.add_remark :meta_analysis, REMARK

        # Requires manual verification.
        issue.trusted = false
    end
end

#suspendObject


73
74
75
# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 73

def suspend
    [@times, @counter]
end