time

package
v3.3.6-202411251846 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 25, 2024 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package time implements a time delay analyzer using linear regression heuristics inspired from ZAP to discover time based issues.

The approach is the one used in ZAP for timing based checks. Advantages of this approach are many compared to the old approach of heuristics of sleep time.

As we are building a statistical model, we can predict if the delay is random or not very quickly. Also, the payloads are alternated to send a very high sleep and a very low sleep. This way the comparison is faster to eliminate negative cases. Only legitimate cases are sent for more verification.

For more details on the algorithm, follow the links below: - https://groups.google.com/g/zaproxy-develop/c/KGSkNHlLtqk - https://github.com/zaproxy/zap-extensions/pull/5053

This file has been implemented from its original version. It was originally licensed under the Apache License 2.0 (see LICENSE file for details). The original algorithm is implemented in ZAP Active Scanner.

Index

Constants

View Source
const (
	DefaultSleepDuration             = int(5)
	DefaultRequestsLimit             = int(4)
	DefaultTimeCorrelationErrorRange = float64(0.15)
	DefaultTimeSlopeErrorRange       = float64(0.30)
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Analyzer

type Analyzer struct{}

Analyzer is a time delay analyzer for the fuzzer

func (*Analyzer) Analyze

func (a *Analyzer) Analyze(options *analyzers.Options) (bool, string, error)

Analyze is the main function for the analyzer

func (*Analyzer) ApplyInitialTransformation

func (a *Analyzer) ApplyInitialTransformation(data string, params map[string]interface{}) string

ApplyInitialTransformation applies the transformation to the initial payload.

It supports the below payloads -

  • [SLEEPTIME] => sleep_duration
  • [INFERENCE] => Inference payload for time delay analyzer

It also applies the payload transformations to the payload which includes [RANDNUM] and [RANDSTR]

func (*Analyzer) Name

func (a *Analyzer) Name() string

Name is the name of the analyzer

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL