PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

Request feature - Response timeout #103

Closed Pyvonix closed 1 year ago

Pyvonix commented 1 year ago

Hi PortSwigger team,

I propose to add a response keyword: timeout, as a boolean value, to know when the request didn't get a response from the server, for vulns like DoS.

Thank you.

Hannah-PortSwigger commented 1 year ago

Thanks for the feedback! We've raised this as a feature request to be discussed further.

Hannah-PortSwigger commented 1 year ago

This is a similar feature request to #32 and #72

Pyvonix commented 1 year ago

Hi @Hannah-PortSwigger,

No, this feature is not about the time it takes to make a request (as explained in #32).

This enhancement is to provide a boolean to know when a request raises the TimeoutException or not.

Use case:

How could I know my rule successfully works? The sent request will not have any response, so I will not be able to trigger any finding.

This is not the same usage as #32, which is expected to test SQL time-based injection.

Michelle-PortSwigger commented 1 year ago

I'll check with the team exactly which scenarios the feature request here would cover. For example, whether it will cover cases where there is no response from the server as well as delayed responses. I'll be in touch soon with an update.

Michelle-PortSwigger commented 1 year ago

Hi

I've checked with the team this morning, and we do have both scenarios covered in the feature requests we have created for further discussion and are monitoring here. I'll leave this open for now to make it clearer that both enhancements have been logged.

Pyvonix commented 1 year ago

Thank you,

Waiting to see the new feature to tell you if it covers this usage.