andresriancho / pico

Tool to identify and exploit timing attacks
GNU General Public License v3.0

Improve client to measure response times without X-Runtime header #4

Closed andresriancho closed 8 years ago

andresriancho commented 8 years ago

Improve client to measure response times without X-Runtime header and reproduce results obtained with the header.

andresriancho commented 8 years ago

https://github.com/seecurity/mona-timing-lib

Special attention to:

Configuration

Disable Intel Speedstep in your machine's BIOS or use the cpufreq utilities.

Besides the frequency of your CPU, there are some "sleep-states" (c-states) to save power. The clock is stopped for a short period of time if the CPU is idle. Consequently, CPU ticks have different time durations.

On Ubuntu Linux machines, you can disable this feature by adding idle=poll to the kernel parameters.

andresriancho commented 8 years ago

https://github.com/ecbftw/nanown/blob/master/trunk/bin/sampler#L227-L229

andresriancho commented 8 years ago

https://stackoverflow.com/questions/11731445/timestamp-outgoing-packets

andresriancho commented 8 years ago

Measure using packets? https://youtu.be/KirTCSAvt9M?t=598

That would potentially break HTTPS support? What about HTTP connection pools in the HTTP client? Would it be easy to understand when the server starts the answer and when it finishes? What about servers which "stream" the response headers first and then calculate the body "part by part"?
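Added example, not part of the issue thread or of pico's code: a client-side measurement without the X-Runtime header, run against a constructed loopback server that sends its headers first and its body later, to show how far time-to-first-byte and time-to-last-byte can diverge. The server, the two delays and all function names are assumptions made for the illustration.

```python
import socket
import threading
import time

HEADER_DELAY = 0.05  # constructed: server-side work before the status line
BODY_DELAY = 0.10    # constructed: extra work between headers and body

def _serve_once(listener):
    """Constructed test server: streams headers first, the body later."""
    conn, _ = listener.accept()
    with conn:
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = conn.recv(4096)
            if not chunk:
                return
            buf += chunk
        time.sleep(HEADER_DELAY)
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                     b"Connection: close\r\n\r\n")
        time.sleep(BODY_DELAY)
        conn.sendall(b"ok")

def measure(host, port, path="/"):
    """Return (ttfb, total) in seconds for one request."""
    with socket.create_connection((host, port)) as s:
        req = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode()
        # Start the clock after connect(), so TCP setup (or pool reuse)
        # does not end up inside the sample.
        start = time.perf_counter_ns()
        s.sendall(req)
        s.recv(1)                      # blocks until the first response byte
        t_first = time.perf_counter_ns()
        while s.recv(4096):            # drain until the server closes
            pass
        t_last = time.perf_counter_ns()
    return (t_first - start) / 1e9, (t_last - start) / 1e9

def demo():
    """Run one measurement against the constructed server on loopback."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=_serve_once, args=(listener,))
    worker.start()
    ttfb, total = measure("127.0.0.1", listener.getsockname()[1])
    worker.join()
    listener.close()
    return ttfb, total
```

Here the first byte reflects only the work done before the headers were written, while the total also includes body generation, so the two numbers answer different questions and a client has to pick one consistently.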