module TimingAttack::Attacker

Attributes

attacks[R]
options[R]

Public Class Methods

new(options: {}, inputs: []) click to toggle source
# File lib/timing_attack/attacker.rb, line 3
def initialize(options: {}, inputs: [])
  @options = default_options.merge(options)
  raise ArgumentError.new("Must provide url") if url.nil?
  unless specified_input_option?
    msg = "'#{INPUT_FLAG}' not found in url, parameters, body, headers, or HTTP authentication options"
    raise ArgumentError.new(msg)
  end
  raise ArgumentError.new("Iterations can't be < 3") if iterations < 3
end

Public Instance Methods

run!() click to toggle source
# File lib/timing_attack/attacker.rb, line 13
def run!
  if verbose?
    puts "Target: #{url}"
    puts "Method: #{method.to_s.upcase}"
    puts "Parameters: #{params.inspect}" unless params.empty?
    puts "Headers: #{headers.inspect}" unless headers.empty?
    puts "Body: #{body.inspect}" unless body.empty?
  end
  attack!
end

Private Instance Methods

default_options() click to toggle source
# File lib/timing_attack/attacker.rb, line 32
def default_options
  {
    verbose: true,
    method: :get,
    iterations: 50,
    mean: false,
    threshold: 0.025,
    percentile: 3,
    concurrency: 15,
    params: {},
    body: {},
    headers: {},
    basic_auth_username: "",
    basic_auth_password: ""
  }.freeze
end
input_options() click to toggle source
# File lib/timing_attack/attacker.rb, line 62
def input_options
  @input_options ||= %i(basic_auth_password basic_auth_username body params url headers)
end
option_contains_input?(obj) click to toggle source
# File lib/timing_attack/attacker.rb, line 49
def option_contains_input?(obj)
  case obj
  when String
    obj.include?(INPUT_FLAG)
  when Symbol
    option_contains_input?(obj.to_s)
  when Array
    obj.any? {|el| option_contains_input?(el) }
  when Hash
    option_contains_input?(obj.keys) || option_contains_input?(obj.values)
  end
end
specified_input_option?() click to toggle source
# File lib/timing_attack/attacker.rb, line 66
def specified_input_option?
  input_options.any? { |opt| option_contains_input?(options[opt]) }
end