web_timing_attack - An experiment side channel attacks on cryptographic operations such as signature verification.

web_timing_attack – An experiment side channel attacks on cryptographic operations such as signature verification.

This project is an ongoing experiment testing the theoretical aspects of side channel attacks on cryptographic operations such as signature verification. Currently this tool can execute a timing attack against a local or remote server that is using a linear time equality check to verify a signature. Unfortuantely right now time is not being measured in the most precise way (python urlib module).

client web_timing_attack

client web_timing_attack

server side web timing attack

server side web timing attack

Todo:
+ Find a more accurate way to measure response times such as TCP RTT.
+ Write unit tests for determining the byte based on timestamps.

Use and download from git:

Source: https://github.com/dkhonig