From b1dc928e68a235798899dcb5c181fbae4bd1a1c1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 31 Jan 2011 16:07:23 +0000
Subject: [PATCH] implemented validation for time-based inference

---
 lib/core/settings.py | 3 +++
 lib/techniques/blind/inference.py | 19 +++++++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index c9078a740..7c7673c6a 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -86,6 +86,9 @@ INFERENCE_GREATER_CHAR = ">"
 
 # character used for operation "equals" in inference
 INFERENCE_EQUALS_CHAR = "="
 
+# character used for operation "not-equals" in inference
+INFERENCE_NOT_EQUALS_CHAR = "!="
+
 # string used for representation of unknown dbms version
 UNKNOWN_DBMS_VERSION = "Unknown"
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 8cac847e0..8ec2092b5 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -40,6 +40,7 @@ from lib.core.settings import INFERENCE_BLANK_BREAK
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import INFERENCE_GREATER_CHAR
 from lib.core.settings import INFERENCE_EQUALS_CHAR
+from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 
@@ -144,6 +145,16 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 
 return None
 
+ def validateChar(idx, value):
+ """
+ used in time based inferences (in case of delay compared values are not equal)
+ """
+ forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
+ queriesCount[0] += 1
+ result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
+
+ return not result
+
 def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is None):
 """
 continuousOrder means that distance between each two neighbour's
@@ -171,7 +182,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 
 if result:
 return chr(charTbl[0]) if charTbl[0] < 128 else decodeIntToUnicode(charTbl[0])
- else:
+ else:
 return None
 
 maxChar = maxValue = charTbl[-1]
@@ -230,7 +241,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 else:
 retVal = minValue + 1
 if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
- return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal)
+ if timeBasedCompare and not validateChar(idx, retVal):
+ logger.error("invalid character detected. retrying...")
+ return getChar(idx, originalTbl, continuousOrder, expand)
+ else:
+ return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal)
 else:
 return None
 else:
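Review bot: `payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR)` in validateChar rewrites every `>` in the payload, not only the comparison operator the bisection relies on; if the template can carry another `>` (a `>=`, or markup around the injection point — not visible here), the validation query is silently malformed and the check then rejects characters that were in fact correct. Restricting the substitution to the operator position, or keeping a dedicated not-equals template next to the greater-than one, would avoid that; `payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR, 1)` is enough only if the comparison is guaranteed to be the first `>`. The docstring also leaves the contract implicit, so I would replace it with `"""Re-query position idx with a not-equals comparison against value; True means no delay was observed (the bisected character is confirmed), False means the time-based result is suspect."""`, assuming queryPage returns True when the delay fires. bisection, the enclosing function, starts before this hunk.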
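Review bot: The recursive `return getChar(idx, originalTbl, continuousOrder, expand)` taken when validateChar fails has no bound: on a noisy time-based channel the validation request can keep disagreeing with the bisection, so a single position can loop indefinitely, each round costing a full bisection over the table plus the extra query (queriesCount keeps growing and the recursion depth with it), with only the `logger.error` line as a symptom. Bound it with a retry counter (for example a keyword parameter on getChar incremented on the recursive call) and, once exhausted, either accept the character with a warning or return `None` as the other failure branches in this hunk already do. validateChar and getChar are defined in the first hunk of this file; the enclosing bisection starts before this hunk.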