diff --git a/lib/core/common.py b/lib/core/common.py
index 94ba94276..5619f81c1 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1107,3 +1107,6 @@ def parseXmlFile(xmlFile, handler):
 parse(stream, handler)
 stream.close()
 xfile.close()
+
+def calculateDeltaSeconds(start, epsilon=0.05):
+ return int(time.time() - start + epsilon)
\ No newline at end of file
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 1ede569a3..d07ef797a 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -26,6 +26,7 @@ import re
 import time
 from lib.core.agent import agent
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import cleanQuery
 from lib.core.common import dataToSessionFile
 from lib.core.common import expandAsteriskForColumns
@@ -55,7 +56,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
 count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar)
- debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
+ debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
 logger.debug(debugMsg)
 return value
diff --git a/lib/techniques/blind/timebased.py b/lib/techniques/blind/timebased.py
index 5e7e6a5a6..68ae8aa5e 100644
--- a/lib/techniques/blind/timebased.py
+++ b/lib/techniques/blind/timebased.py
@@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 import time
 from lib.core.agent import agent
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getDelayQuery
 from lib.core.data import conf
 from lib.core.data import kb
@@ -43,7 +44,7 @@ def timeTest():
 payload = agent.payload(newValue=query)
 start = time.time()
 _ = Request.queryPage(payload)
- duration = int(time.time() - start)
+ duration = calculateDeltaSeconds(start)
 if duration >= conf.timeSec:
 infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
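Review bot: `calculateDeltaSeconds` in lib/core/common.py has no docstring, and nothing in the hunk says why `epsilon=0.05` is added before `int()` truncates the result. With the bias, an elapsed time of 4.95 s is returned as 5 where the previous inline `int(time.time() - start)` gave 4. The same helper now feeds the `duration >= conf.timeSec` checks in timebased.py and stacked.py as well as the debug messages, so the rounding rule should be stated on the function, e.g. `"""Return the whole seconds elapsed since start, adding epsilon before truncation."""`. The helper calls `time.time()`, and whether common.py imports `time` is not visible in this hunk, so that is worth confirming. The file also still ends without a trailing newline.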
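Review bot: The `duration >= conf.timeSec` check in the first `timeTest` hunk compares a single biased, truncated measurement against the threshold, so any response taking at least `conf.timeSec - 0.05` seconds is reported as a time-based finding, whatever caused the delay. As far as the hunk shows, no timing of an ordinary request is taken for comparison, so a slow or loaded server would show up as a false positive in the results. The same pattern appears in the second `timeTest` hunk and in `stackedTest` in stacked.py. A comment at the comparison would record the limitation, e.g. `# duration is whole seconds (see calculateDeltaSeconds); normal response time is not subtracted`. The body of `timeTest` starts and ends outside the hunk, so a baseline may exist in lines not shown.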
@@ -64,7 +65,7 @@ def timeTest():
 timeQuery = getDelayQuery(andCond=True)
 start = time.time()
 payload, _ = inject.goStacked(timeQuery)
- duration = int(time.time() - start)
+ duration = calculateDeltaSeconds(start)
 if duration >= conf.timeSec:
 infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
@@ -84,6 +85,6 @@ def timeTest():
 def timeUse(query):
 start = time.time()
 _, _ = inject.goStacked(query)
- duration = int(time.time() - start)
+ duration = calculateDeltaSeconds(start)
 return duration
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
index e3a96ec40..fdc508dab 100644
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -26,6 +26,7 @@ import re
 import time
 from lib.core.agent import agent
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import parseUnionPage
 from lib.core.data import conf
 from lib.core.data import kb
@@ -228,7 +229,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
 endPosition = resultPage.rindex(temp.stop) + len(temp.stop)
 value = str(resultPage[startPosition:endPosition])
- duration = int(time.time() - start)
+ duration = calculateDeltaSeconds(start)
 debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
 logger.debug(debugMsg)
diff --git a/lib/techniques/outband/stacked.py b/lib/techniques/outband/stacked.py
index 5f8afbd2f..34710622a 100644
--- a/lib/techniques/outband/stacked.py
+++ b/lib/techniques/outband/stacked.py
@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 import time
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getDelayQuery
 from lib.core.data import conf
 from lib.core.data import kb
@@ -45,7 +46,7 @@ def stackedTest():
 query = getDelayQuery()
 start = time.time()
 payload, _ = inject.goStacked(query)
- duration = int(time.time() - start)
+ duration = calculateDeltaSeconds(start)
 if duration >= conf.timeSec:
 infoMsg = "the web application supports stacked queries "
diff --git a/lib/utils/resume.py b/lib/utils/resume.py
index 97701b035..2c909c30f 100644
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 import re
 import time
+from lib.core.common import calculateDeltaSeconds
 from lib.core.common import dataToSessionFile
 from lib.core.common import safeStringFormat
 from lib.core.common import randomStr
@@ -89,7 +90,7 @@ def queryOutputLength(expression, payload):
 lengthExprUnescaped = unescaper.unescape(lengthExpr)
 count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
- debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
+ debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
 logger.debug(debugMsg)
 if length == " ":
@@ -186,7 +187,7 @@ def resume(expression, payload):
 start = time.time()
 count, finalValue = bisection(payload, newExpr, length=missingCharsLength)
- debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
+ debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
 logger.debug(debugMsg)
 if len(finalValue) != ( int(length) - len(resumedValue) ):