Class: Arachni::Plugins::TimingAttacks

Inherits:
Arachni::Plugin::Base show all
Defined in:
components/plugins/defaults/meta/remedies/timing_attacks.rb

Overview

Provides a notice for issues uncovered by timing attacks when the affected audited pages returned unusually high response times to begin with.

Author:

Constant Summary collapse

TAG =

Look for issues by tag name.

'timing'
TIME_THRESHOLD =

The response time of a page must be greater than or equal to this in order for the page to be considered.

0.6
# Remark attached to timing-based issues whose page was already slow;
# it tells the report reader that the finding may be a false positive.
REMARK =
'This issue was discovered using a timing-attack but the audited ' \
'page was exhibiting unusually high response times to begin with. ' \
'This could be an indication that the logged issue is a false positive.'

Constants included from Arachni

BANNER, Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML

Instance Attribute Summary

Attributes inherited from Arachni::Plugin::Base

#framework, #options

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Arachni::Plugin::Base

#browser_cluster, #clean_up, distributable, distributable?, #framework_abort, #framework_pause, #framework_resume, gems, #http, #info, #initialize, is_distributable, merge, #register_results, #session, #wait_while_framework_running, #with_browser

Methods inherited from Component::Base

author, description, fullname, #shortname, shortname, shortname=, version

Methods included from Component::Output

#depersonalize_output, #depersonalize_output?, #intercept_print_message

Methods included from UI::Output

#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on

Methods included from Component::Utilities

#read_file

Methods included from Utilities

#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from Arachni

URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?

Constructor Details

This class inherits a constructor from Arachni::Plugin::Base

Class Method Details

.info ⇒ Object



# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 77

# Plugin metadata: display name, long description, author, version and tags.
#
# NOTE(review): the author address reads '[email protected]' in this listing;
# that looks like an e-mail obfuscation placeholder from the rendered page
# rather than the real value -- confirm against the repository copy.
#
# @return [Hash] metadata with the keys :name, :description, :author,
#   :version and :tags
def self.info
    # Kept as a raw %q literal so the leading and trailing newlines survive.
    summary = %q{
Analyzes the scan results and logs issues that used timing attacks while the
affected web pages demonstrated an unusually high response time; a situation
which renders the logged issues inconclusive or (possibly) false positives.

Pages with high response times usually include heavy-duty processing which makes
them prime targets for Denial-of-Service attacks.
}
    labels = %w[anomaly timing attacks meta]

    {
        name:        'Timing attack anomalies',
        description: summary,
        author:      'Tasos "Zapotek" Laskos <[email protected]>',
        version:     '0.3.1',
        tags:        labels
    }
end

Instance Method Details

#prepare ⇒ Object



# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 28

# Starts from empty tallies: @times and @counter are each given a new,
# separate Hash (#run fills them per path key).
def prepare
    @times   = Hash.new
    @counter = Hash.new
end

#restore(data) ⇒ Object



# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 33

# Reloads the two tallies from a previously saved snapshot.
#
# NOTE(review): nothing here checks the shape of +data+. If a snapshot can be
# truncated or come from an untrusted file, @times / @counter may end up nil
# or a non-Hash and #run would fail later -- confirm where snapshots are
# loaded from.
#
# @param data [Array] presumably the pair returned by #suspend, i.e.
#   [times, counter] -- verify against the caller
# @return [Array] the splatted snapshot
def restore( data )
    snapshot = [*data]

    @times   = snapshot[0]
    @counter = snapshot[1]

    snapshot
end

#run ⇒ Object



# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 37

# Builds a per-path average response time from every completed 200 response,
# waits for the framework to finish, then annotates each issue tagged with TAG
# whose path averaged at least TIME_THRESHOLD: the issue gets REMARK added and
# is marked untrusted so that it is verified manually.
#
# NOTE(review): the tally takes every 200 response seen by the handler. If the
# scanner's own delay-inducing probes pass through the same handler, they
# raise the average for that path -- confirm before treating the remark as a
# strong false-positive signal.
def run
    # Invoked once per response as it completes.
    http.on_complete do |response|
        # Anything other than a 200 is left out of the baseline.
        next unless response.code == 200

        path_key = response.parsed_url.up_to_path.persistent_hash

        # First sighting of this path: seed both tallies from the same value.
        unless @counter[path_key]
            @counter[path_key] = (@times[path_key] ||= 0)
        end

        # Running total of response time, and number of responses, per path.
        @times[path_key]   += response.time
        @counter[path_key] += 1
    end

    wait_while_framework_running

    # Average response time per path.
    averages = @times.each_with_object( {} ) do |(path_key, total), acc|
        acc[path_key] = total / @counter[path_key]
    end

    Data.issues.each do |issue|
        issue_key = uri_parse( issue.vector.action ).up_to_path.persistent_hash
        baseline  = averages[issue_key]

        # Only timing-tagged issues on paths with a recorded, slow baseline.
        next unless issue.tags.includes_tags?( TAG )
        next unless baseline
        next if baseline < TIME_THRESHOLD

        issue.add_remark :meta_analysis, REMARK

        # The finding now needs manual verification.
        issue.trusted = false
    end
end

#suspend ⇒ Object



# File 'components/plugins/defaults/meta/remedies/timing_attacks.rb', line 73

# Hands back the current tallies as a pair, in the order #restore unpacks them.
#
# @return [Array] [@times, @counter]
def suspend
    snapshot = [@times, @counter]
    snapshot
end