Add response.time property #32
Comments
Great point, it would open up a whole new avenue for timing-based attacks.
Yes please, it would be very helpful in time-based attack detection.
👍
Any news about this enhancement? Until now I am creating a bcheck script with time-based payloads, but the detection is not possible, so I am reading the Logger to detect time-based issues.
Remembered this thing after receiving a notification and decided to add a random thought -- maybe solve problems that aren't allowing adding normal scripting like python3 in turbo intruder? The main reason I am not using bchecks and probably won't use it ever is because there's not enough functionality. Moreover, it seems impossible to add every possible function somebody will need.
We're currently working on what will go into the next iteration. We're at the early stages, though, so we can't make any promises yet... we've got quite a few contenders for the time available. It’s great to hear you’re enjoying using BChecks and want to push them further :)
Was creating a DoS detection bCheck for an application known to have DoS issues, need the response.time field
Thanks for getting in touch. We'll add your vote for this feature. We don't have any timescales as yet, we're still tracking how many people would find this useful and will use this information to help us prioritize new features.
Adding response.time is very useful for time-based SQLi templates (because default SQLi in Burp is very noisy). By adding response.time, the user can custom-set only ONE blind SQLi payload, and this will not cause noise and will speed up the scanning process.
Thanks for your feedback. We've registered your interest in this functionality.
I am still conservatively troubled by the following rules generated by ChatGPT, and hope to add .time-related parameters. I find the current syntax rules a bit strange. Could you add usage instructions for all available functions in the official documentation? This would make it easier for users new to bchecks to quickly confirm whether they can use the functions they expect to use.
Hi @kenyon-wong Could you provide some additional clarifications around what you mean by "usage examples"? We have various examples available in our documentation, as well as having some worked example BChecks available.
Thank you very much for your patient guidance. I sincerely apologize for my previous oversight. At your reminder, I carefully read the "Reserved variables" section in the bcheck-definition-reference and indeed found the list of all available variables. This was important information that I had overlooked earlier, and I apologize again for this. Returning to the main topic of this issue, I would like to elaborate on my suggestions:
The addition of these two variables could provide more flexibility and functionality to BCheck scripts, making security testing more comprehensive and efficient. I understand that this might require additional development work, but I believe it would greatly enhance the functionality of BurpSuite. If you find these suggestions valuable, would you consider implementing them in future versions? Thank you again for your attention and feedback.
Hi @kenyon-wong I'm glad that the documentation has been helpful for you! We do already have feature requests for your two points, so I've added your +1 to these. If there's anything else we can help with, then please let us know.
Sometimes it's necessary to compare the times that a server spent for a response, so this property will be very useful.