This project is an ongoing experiment testing the theoretical aspects of side-channel attacks on cryptographic operations such as signature verification. Currently this tool can execute a timing attack against a local or remote server that is using a linear-time equality check to verify a signature. Unfortunately, right now time is not being measured in the most precise way (the Python urllib module is used).
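Why a linear-time equality check leaks, shown beside the constant-time replacement a server should use instead. This is an added example, not code from the project; the key, the function names and the step counter (a deterministic stand-in for response time) are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import List, Tuple

KEY = b"constructed-demo-key"  # constructed sample key, not from the project


def sign(message: bytes) -> bytes:
    """HMAC-SHA256 tag the server expects for `message`."""
    return hmac.new(KEY, message, hashlib.sha256).digest()


def linear_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison (the vulnerable pattern).

    Returns (equal, byte comparisons performed). The count stands in for
    running time: it grows with the length of the matching prefix.
    """
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps  # stops at the first mismatch: the leak
    return True, steps


def verify_weak(message: bytes, tag: bytes) -> Tuple[bool, int]:
    """Signature check built on the early-exit comparison."""
    return linear_equal(sign(message), tag)


def verify_hardened(message: bytes, tag: bytes) -> bool:
    """Signature check using hmac.compare_digest, which does not
    short-circuit on the first differing byte."""
    return hmac.compare_digest(sign(message), tag)


def leak_profile(message: bytes) -> List[int]:
    """Work done by verify_weak for tags whose first k bytes are correct."""
    good = sign(message)
    profile = []
    for k in range(0, len(good), 8):
        wrong = bytes([good[k] ^ 0xFF])  # force a mismatch at index k
        forged = good[:k] + wrong + good[k + 1:]
        profile.append(verify_weak(message, forged)[1])
    return profile
```

The profile rises with the number of correct leading bytes, which is the signal a timing measurement picks up; `verify_hardened` removes that dependence on content.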
Todo:
+ Find a more accurate way to measure response times such as TCP RTT.
+ Write unit tests for determining the byte based on timestamps.
Use and download from git:
    git clone git@github.com:dkhonig/web_timing_attack.git && cd web_timing_attack
    pip install -r requirements.txt

Start the server:

    ./server.py

    ./web_timing_attack.py -h
Source: https://github.com/dkhonig