Add response.time property

[Sh1Yo]

Sometimes it's necessary to compare the times that a server spent for a response so this property will be very useful.

[A-J-C]

Great point, it would open up a whole new avenue for timing based attacks.

[mrrootsec]

Yes please,it would be very helpful in time based attacks detection.

[abdilahrf]

👍

[ayadim]

Any news about this enhancement ? until now am creating a bcheck script with time-based payloads but the detection is not possible so am reading the Logger to detect time based issues.

[Sh1Yo]

Remembered this thing after receiving a notification and decided to add a random thought -- maybe solve problems that aren't allowing adding normal scripting like python3 in turbo intruder? The main reason I am not using bchecks and probably won't use it ever is because there's not enough functionality. Moreover, it seems impossible to add every possible function somebody will need.

[ayadim]

for now am using Burp Bount free version to create profiles this do what i want .. Bcheck has big potential to be one of the greate factories to create custom scripts i hope we will see more additions.

[Michelle-PortSwigger]

We're currently working on what will go into the next iteration. We're at the early stages, though, so we can't make any promises yet... we've got quite a few contenders for the time available.

It’s great to hear you’re enjoying using BChecks and want to push them further :)

[ayadim]

Believe me bcheck has great potential to be one of the main functions in burp ... adding other functions to language will makes it powerfull.

Thank you team ,

Regads

[ZeeshanDarasa]

Was creating a DoS detection bCheck for an application known to have DoS issues, need the response.time field

[Michelle-PortSwigger]

Thanks for getting in touch. We'll add your vote for this feature. We don't have any timescales as yet, we're still tracking how many people would find this useful and will use this information to help us prioritize new features.