username-enumeration-via-response-timing
This repository is solution to assignment on Data Security Course. It is a portswigger Lab which was assigned to me to solve.
Description
I have provided comments on code, and it is much more clear that I prefer not to over explain them. But here some tips I wanna explain:
- Implemented a statistics approach to distinguish between usernames.
- Used random ip generator.
Result
Although I found the username with high response time, but none of the password provided didn't work, and I was not able to sign in.
You can observe that the script found the usernames in sorted array based on response-time.
