Skip to content

andresriancho/pico

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
utils
utils
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
calculate-pair-diff.py
calculate-pair-diff.py
 
 
extract-auto-rank.py
extract-auto-rank.py
 
 
graph-pair-diff.py
graph-pair-diff.py
 
 
graph-results.py
graph-results.py
 
 
requirements.txt
requirements.txt
 
 
stats-compare-results.py
stats-compare-results.py
 
 
timing-collector.py
timing-collector.py
 
 
top-10-faster.py
top-10-faster.py
 
 

Repository files navigation

Pico

Tool to identify and exploit timing attacks.

Timing attacks were a completely unknown field to me, so I took a lot of notes comparing previously developed tools, measurement and statistical analysis methods. The notes can be found in the wiki.

Install

virtualenv pico-venv
source pico-venv/bin/activate

git clone git@github.com:andresriancho/pico.git
cd pico
pip install -r requirements.txt

Starting Target Web Application

Check the django-rest-framework-timing repository for instructions on how to start a vulnerable application.

Getting Timing Samples

Please note that this tool is Linux-specific and requires root privileges to run due to the OS tricks implemented in the os_utils.py module.

Edit the constants in timing-collector.py and then:

sudo -s -H
source pico-venv/bin/activate

cd pico
python timing-collector.py sample-name

Analyzing Samples

Edit the token values in graph-results.py and then:

python graph-results.py sample-name

About

Tool to identify and exploit timing attacks

Resources

Readme

License

GPL-3.0 license
Activity

Stars

10 stars

Watchers

5 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages