added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)

2024-11-22 09:36:35 +03:00 · 2010-05-13 11:05:35 +00:00 · 2010-05-13 11:05:35 +00:00 · ca3e12ae73
commit ca3e12ae73
parent 762781e94d
6 changed files with 16 additions and 8 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1107,3 +1107,6 @@ def parseXmlFile(xmlFile, handler):
    parse(stream, handler)
    stream.close()
    xfile.close()
+
+def calculateDeltaSeconds(start, epsilon=0.05):
+    return int(time.time() - start + epsilon)
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -26,6 +26,7 @@ import re
 import time

 from lib.core.agent import agent
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import cleanQuery
 from lib.core.common import dataToSessionFile
 from lib.core.common import expandAsteriskForColumns
@ -55,7 +56,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha

    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar)

-    debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
+    debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
    logger.debug(debugMsg)

    return value
--- a/lib/techniques/blind/timebased.py
+++ b/lib/techniques/blind/timebased.py
@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 import time

 from lib.core.agent import agent
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getDelayQuery
 from lib.core.data import conf
 from lib.core.data import kb
@ -43,7 +44,7 @@ def timeTest():
    payload   = agent.payload(newValue=query)
    start     = time.time()
    _         = Request.queryPage(payload)
-    duration  = int(time.time() - start)
+    duration  = calculateDeltaSeconds(start)

    if duration >= conf.timeSec:
        infoMsg  = "the parameter '%s' is affected by a time " % kb.injParameter
@ -64,7 +65,7 @@ def timeTest():
        timeQuery  = getDelayQuery(andCond=True)
        start      = time.time()
        payload, _ = inject.goStacked(timeQuery)
-        duration   = int(time.time() - start)
+        duration   = calculateDeltaSeconds(start)

        if duration >= conf.timeSec:
            infoMsg  = "the parameter '%s' is affected by a time " % kb.injParameter
@ -84,6 +85,6 @@ def timeTest():
 def timeUse(query):
    start      = time.time()
    _, _       = inject.goStacked(query)
-    duration   = int(time.time() - start)
+    duration   = calculateDeltaSeconds(start)

    return duration
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -26,6 +26,7 @@ import re
 import time

 from lib.core.agent import agent
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import parseUnionPage
 from lib.core.data import conf
 from lib.core.data import kb
@ -228,7 +229,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
        endPosition = resultPage.rindex(temp.stop) + len(temp.stop)
        value = str(resultPage[startPosition:endPosition])

-        duration = int(time.time() - start)
+        duration = calculateDeltaSeconds(start)

        debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
        logger.debug(debugMsg)
--- a/lib/techniques/outband/stacked.py
+++ b/lib/techniques/outband/stacked.py
@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import time

+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getDelayQuery
 from lib.core.data import conf
 from lib.core.data import kb
@ -45,7 +46,7 @@ def stackedTest():
    query      = getDelayQuery()
    start      = time.time()
    payload, _ = inject.goStacked(query)
-    duration   = int(time.time() - start)
+    duration   = calculateDeltaSeconds(start)

    if duration >= conf.timeSec:
        infoMsg  = "the web application supports stacked queries "
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 import re
 import time

+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import dataToSessionFile
 from lib.core.common import safeStringFormat
 from lib.core.common import randomStr
@ -89,7 +90,7 @@ def queryOutputLength(expression, payload):
    lengthExprUnescaped = unescaper.unescape(lengthExpr)
    count, length = bisection(payload, lengthExprUnescaped, charsetType=2)

-    debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
+    debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
    logger.debug(debugMsg)

    if length == " ":
@ -186,7 +187,7 @@ def resume(expression, payload):
        start = time.time()
        count, finalValue = bisection(payload, newExpr, length=missingCharsLength)

-        debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
+        debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
        logger.debug(debugMsg)

        if len(finalValue) != ( int(length) - len(resumedValue) ):