timeinator icon indicating copy to clipboard operation
timeinator copied to clipboard

Published 20 hours ago verified publisher icon FSecureLABS

Timenator stuck at 50%, only using first payload

Open dial25sd opened this issue 1 year ago • 5 comments

Timeinator has been working flawlessy a few weeks ago, but is now showing an unexpected behaviour: Each run gets stuck at exactly 50% progress. Logger++ reveals that requests are being properly sent by the extension, yet only for the very first payload. Subsequent payloads are being ignored. The intended timing analysis is hence impossible.

Observed this behaviour on different OS's, e.g. Win 10 and MacOS. Currently on Burp Pro v2022.8.2.

Let me know if I can help with more debug info to track this down.

dial25sd avatar Sep 01 '22 08:09 dial25sd

Ran into the same thing, came here to see if others had similar problems. Since this is posted back in September, I might just start debugging and look for a solution. I rely on this plugin for the standard deviation results 😬

ustayready avatar Dec 12 '22 17:12 ustayready

Found my problem, if the response doesn't have the field content-length, the rowData list can't get populated because the variable content_length never gets instantiated. The fix is simple, add a content_length variable and set it to 0:

Before

            analysis = self._helpers.analyzeResponse(
                response.getResponse())
            for header in analysis.getHeaders():
                if header.lower().startswith("content-length"):
                    content_length = int(header.split(": ")[1])
            meanTime = round(mean(results), 3)
            medianTime = round(median(results), 3)
            stdDevTime = round(stdDev(results), 3)
            minTime = int(min(results))
            maxTime = int(max(results))
            rowData = [
                payload, numReqs, statusCode,
                len(response.getResponse()), content_length, minTime,
                maxTime, meanTime, medianTime, stdDevTime]

After:

            analysis = self._helpers.analyzeResponse(
                response.getResponse())
            content_length = 0
            for header in analysis.getHeaders():
                if header.lower().startswith("content-length"):
                    content_length = int(header.split(": ")[1])
            meanTime = round(mean(results), 3)
            medianTime = round(median(results), 3)
            stdDevTime = round(stdDev(results), 3)
            minTime = int(min(results))
            maxTime = int(max(results))
            rowData = [
                payload, numReqs, statusCode,
                len(response.getResponse()), content_length, minTime,
                maxTime, meanTime, medianTime, stdDevTime]

ustayready avatar Dec 12 '22 17:12 ustayready

Ran into the same problem, would be great if somebody could merge the patch above...

ret2src avatar May 08 '23 13:05 ret2src

@ret2src @ustayready thank you for the fox. If you submit a pull request, I’ll accept it (if I still can since I no longer work at F-Secure)

Grezzo avatar May 09 '23 10:05 Grezzo

@Grezzo thank you very much, I've opened a PR: https://github.com/FSecureLABS/timeinator/pull/5

ret2src avatar May 09 '23 13:05 ret2src