implemented validation for time-based inference

stamparm · stamparm · commit b1dc928e68a2 · 2011-01-31T16:07:23.000Z
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -86,6 +86,9 @@
 # character used for operation "equals" in inference
 INFERENCE_EQUALS_CHAR = "="
 
+# character used for operation "not-equals" in inference
+INFERENCE_NOT_EQUALS_CHAR = "!="
+
 # string used for representation of unknown dbms version
 UNKNOWN_DBMS_VERSION = "Unknown"
 
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
@@ -40,6 +40,7 @@
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import INFERENCE_GREATER_CHAR
 from lib.core.settings import INFERENCE_EQUALS_CHAR
+from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 
@@ -144,6 +145,16 @@ def tryHint(idx):
 
         return None
 
+    def validateChar(idx, value):
+        """
+        used in time based inferences (in case of delay compared values are not equal)
+        """
+        forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
+        queriesCount[0] += 1
+        result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
+
+        return not result
+
     def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is None):
         """
         continuousOrder means that distance between each two neighbour's
@@ -171,7 +182,7 @@ def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is N
 
             if result:
                 return chr(charTbl[0]) if charTbl[0] < 128 else decodeIntToUnicode(charTbl[0])
-            else: 
+            else:
                 return None
 
         maxChar = maxValue = charTbl[-1]
@@ -230,7 +241,11 @@ def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is N
                     else:
                         retVal = minValue + 1
                         if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
-                            return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal)
+                            if timeBasedCompare and not validateChar(idx, retVal):
+                                logger.error("invalid character detected. retrying...")
+                                return getChar(idx, originalTbl, continuousOrder, expand)
+                            else:
+                                return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal)
                         else:
                             return None
                 else:
