Timing Attack Demo for the Everyday Webdev

Great Scott

A practical guide to timing attacks for the everyday web dev.

Guide

Read the full blog post that accompanies this repo here: https://www.simplethread.com/great-scott-timing-attack-demo/

Setup

docker build -t great_scott .
docker run -d -p 3000:3000 --name great_scott great_scott
docker exec -i -t great_scott /bin/bash
# Cleanup when done
docker stop great_scott && docker rm great_scott

Access web server on localhost:3000


Or install dependencies directly:

  • Install Ruby 2.5.1. If using rbenv: rbenv install 2.5.1
  • Install bundler: gem install bundler
  • Install dependencies for this application: bundle install
  • Run the server and access it on localhost:3000:
bundle exec rails s

Credentials to sign in as admin: Username: admin@account.com Password: Password123!

Run Timing Attacks

These scripts are set up around the starting seed data:

bundle exec rake db:drop db:create db:migrate db:setup
bundle exec ruby hackz0r/basic_compare.rb
bundle exec ruby hackz0r/find_digits.rb
bundle exec ruby hackz0r/coup_de_grace.rb