Burp Suite User Forum


Ability to view the delay of a response in a column (Intruder)

Cristiano | Last updated: Jan 26, 2015 01:20PM UTC

It may be very useful while testing for time-based injection (SQL, command, and so on) to see the delay of a response returned by the remote web server.

PortSwigger Agent | Last updated: Jan 26, 2015 01:53PM UTC

This information is already captured, but is hidden by default! You can turn it on using the Columns menu, by selecting "Response received" / "Response completed".

Burp User | Last updated: Feb 02, 2015 10:41AM UTC

Yeah indeed, but it would be more useful to have a single column with the computed delay value.

PortSwigger Agent | Last updated: Feb 02, 2015 11:21AM UTC

The two timers contain different information - the time taken for a response to start and finish, respectively. Some time-based attacks cause a delay before a response starts (if the whole server-side logic is executed first) while some cause a delay while the response is already being streamed (e.g. if the headers are sent first, and then some further server-side processing happens on your input). So we definitely wouldn't want to have a single column with only one of these bits of information. By "computed time delay", do you mean the difference between the current item's timer and the base response timer? Since this would simply mean subtracting a fixed value from every row in the table, I don't see that this would be any more useful than reporting the actual response times.
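
The distinction drawn in the reply above, as an added example that is not part of the original thread and not PortSwigger's code: it labels rows from an Intruder results table by which of the two timers moved. The sample rows, the millisecond unit, the `classify` helper and its thresholds are assumptions made for illustration.

```python
from statistics import median

# Constructed sample rows, not real Intruder output:
# (request label, "Response received", "Response completed"), assumed to be in ms.
ROWS = [
    ("baseline", 112, 118),
    ("probe-01", 109, 115),
    ("probe-02", 5120, 5127),  # delay before the response starts
    ("probe-03", 115, 5130),   # delay while the response is being streamed
    ("probe-04", 121, 126),
    ("probe-05", 108, 113),
]


def classify(rows, factor=5.0, floor_ms=1000):
    """Label each row by where its delay shows up.

    received  = time until the response begins to arrive
    completed = time until the response has fully arrived
    A timer counts as delayed when it exceeds both `factor` times the
    median for the table and the absolute `floor_ms` (hypothetical defaults).
    """
    med_received = median(recv for _, recv, _ in rows)
    med_stream = median(done - recv for _, recv, done in rows)
    labels = {}
    for name, recv, done in rows:
        if done < recv:
            raise ValueError(f"{name}: completed time is earlier than received time")
        stream = done - recv  # time spent between first byte and last byte
        if recv > max(floor_ms, factor * med_received):
            labels[name] = "before-response"
        elif stream > max(floor_ms, factor * med_stream):
            labels[name] = "during-response"
        else:
            labels[name] = "normal"
    return labels


if __name__ == "__main__":
    for name, label in classify(ROWS).items():
        print(f"{name:10s} {label}")
```

Using the median of the whole table as the reference keeps one or two slow rows from shifting the baseline.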

Burp User | Last updated: Feb 05, 2015 04:28PM UTC

Makes sense; now the logic behind the values reported in the two columns is clearer to me. Thanks.

yashwanth | Last updated: Jun 16, 2020 11:25AM UTC

Can you tell me what response received and response completed are? Are these terms related to server side or client side? Please explain.

Uthman, PortSwigger Agent | Last updated: Jun 16, 2020 12:15PM UTC

Response received is the time taken to begin receiving a response, whilst response completed is the time taken for the response to complete. You can find out further information below:

- https://portswigger.net/burp/documentation/desktop/tools/intruder/attacks
