October 2016
Beginner to intermediate
650 pages
14h 43m
English
The only difficult thing about performing time-based SQL Injections is that plague of gamers everywhere, lag. A human can easily sit down and account for lag mentally, taking a string of returned values, and sensibly going over the output and working out that cgris is chris. For a machine, this is much harder; therefore, we should attempt to reduce delay.
We will be creating a script that makes multiple requests to a server, records the response time, and returns an average time. This can then be used to calculate fluctuations in responses in time-based attacks known as jitter.
Identify the URLs you wish to attack and provide to the script through a sys.argv variable:
import requests import sys url = sys.argv[1] values ...
Read now
Unlock full access