Closed laluka closed 1 year ago
Might also be related to this early issue if you use locally a different build process than the one in your research article :) https://github.com/PortSwigger/turbo-intruder/issues/4
Thanks for the high quality report, I should be able to resolve this next week by eliminating the dependencies between ThreadedRequestEngine and Utils.helpers / Utils.callbacks.
I've just pushed some updates which should fix this, let me know if you have any further issues. Thanks!
Compiles, works like a charm! Might be nice to see the table element move to a dict ? Or have another structured way to store only interesting results while the scan runs, instead of having a big filter at the end
Doing something like this works, but might be memory consuming for big wordlists :sweat:
def completed(table):
findings = dict()
for finding in table:
key = "%d:%d" % (finding.status, finding.length)
findings[key] = finding
for status, req in findings.items():
print "\n\n\n\n\n*****", status, "*****"
print req.request
print req.response
Thanks again for this efficient bugfix! :tulip:
The only requests that are stored are those that you place in the table by using table.add()
inside handleResponse()
. For larger/long-running attacks I suggest doing your filtering at runtime in handleResponse()
, simply by being selective about calling table.add()
. Many simple filters are easily applied using the decorator system: https://github.com/PortSwigger/turbo-intruder/blob/master/decorators.md
I totally agree on the fact that the filtering should be done in handleResponse, but as it's a list, and to ensure only interesting results are added, I usually work with a dict that use concat(resp.status_code, ":", resp.len) as a key. As this uses a hashtable it's complexity remains low. But adding only unique elements to a lists seems to force the use of iterators and thus pushes the complexity to n^2
A workaround (for me) would be to declare a global variable and make it available in both these functions and leaving the table aside, or storing my dict in table[0], but it feels flaky, thus discussing another approach for the "findings bag" and its format! :)
It sounds like you're optimising for CPU use, but I think you'll find Turbo Intruder is bottlenecked by network speed, and eventually RAM for long running attacks that store lots of data.
I might have misunderstood something, but for your use-case I would
I'm pretty rusty but to my mind that should be reasonably efficient.
Both for CPU & memory use, but you're totally right for the throttle on the network... :sweat_smile:
The idea you're sharing totally works, like the one I suggested, but it requires having a global object on the two function handlers to place stuff in, keep some context, and filter
The question was, "Should we keep only the table as a long-lived data holder or something more structured?"
But it's flexible enough, so there is no real need to change how things work, it would just improve a bit the readability, but who cares it's offensive stuff! :heart_decoration:
I think we're good here, thanks again for taking the time to discuss this!
Description
The CLI runtime breaks on the most recent versions of turbo-intruder due to high dependencies on burp utils.
I've also experienced issues for building with the repo's current gradlew, thus advising a generic and reproductible use of sdkman:
Suggestions
Runs & Logs
OK on 1.0.19 (expected behavior)
KO on master (suffered behavior)
End Node
By reading the logs, only
stringToBytes
seems to be a problem for now, but the others members of this class might bite us later:Side-files for test purpose
/opt/turbo-intruder/resources/examples/basic.py
/opt/sulfateuse/tests/test_params
/opt/turbo-intruder/resources/examples/request.txt
Debug server (similar but not same):
python3 -m http.server 5000