Tool Ideas
June 4th, 2009
So, I’ve written some Ruby classes that interact with a web application that provides web service-like functions. One of the “interesting” features it provides is authentication. Having created the Ruby API to authenticate users I now want to try to use timing attacks to enumerate valid usernames. Unfortunately, I have not been able to find anything that fills this role. There is Benchmark, but it is more focused on CPU-like measurements. I’d like a tool that is focused on measuring time between HTTP requests and responses and makes adjustments for any overhead associated with Ruby itself.