Sqli error regexps cut off

user021

26 Sep, 2013 05:41 PM

You might not agree with this since it is far from the idea of simplicity, but I thought I'll give it a try, why not. I thought about how we could cut down the length of the SQLi regexps, so this came to mind: if we create another list of regexps, but much shorter ones, those will fire first; if a match is found, the second list of regexps (the actual one) will be run against that specific result.

As an example, let's take SQLite; these are the actual regexps:

"Warning.*sqlite_.*
Warning.*SQLite3::
SQLite/JDBCDriver
SQLite.Exception
System.Data.SQLite.SQLiteException"

would become something like:

"Warning

SQLite
System"

In total, much shorter, much faster, fewer resources used to compare, what do you think? xD

  1. Support Staff 1 Posted by Tasos Laskos on 26 Sep, 2013 05:49 PM

    Was thinking of the same thing. Though I don't have to maintain a shorter list, I can optimize it as is.

    I can just pick a word from each regexp and then only match regexps whose word appears in the response body.

    I had benchmarked something similar in the past but the results weren't beneficial enough to be worth the extra complexity, although I have a few new ideas which may increase performance.

  2. Support Staff 2 Posted by Tasos Laskos on 26 Sep, 2013 06:07 PM

    Just out of curiosity, how much of a difference does this make?
    https://github.com/Arachni/arachni/commit/ce57be3cb34d9595488b1ecb9...

  3. Support Staff 3 Posted by Tasos Laskos on 26 Sep, 2013 06:56 PM

    Our idea didn't work... all things considered, it only shaved off a few milliseconds and made the code much more complex.

  4. Tasos Laskos closed this discussion on 26 Sep, 2013 06:56 PM.

  5. user021 re-opened this discussion on 26 Sep, 2013 07:37 PM

  6. 4 Posted by user021 on 26 Sep, 2013 07:37 PM

    Yeah, there doesn't seem to be any difference with that fix, but it's not the same thing as I said above, right? We could compress the regexp data down to, idk... 20%? Since there are a lot of "Warning" and such, it wouldn't make any sense for it not to be much faster.

  7. Support Staff 5 Posted by Tasos Laskos on 26 Sep, 2013 07:56 PM

    The regexp engine does a lot of those optimizations itself; it didn't matter much when I tried it.

  8. 6 Posted by user021 on 26 Sep, 2013 08:01 PM

    Well then, idk, I guess it was worth trying.

  9. user021 closed this discussion on 26 Sep, 2013 08:01 PM.

  10. Tasos Laskos re-opened this discussion on 27 Sep, 2013 01:56 AM

  11. Support Staff 7 Posted by Tasos Laskos on 27 Sep, 2013 01:56 AM

    Nope, I was wrong, sorry about that, it's actually working quite nicely. :)
    The difference becomes more apparent when analyzing large response bodies.

    https://github.com/Arachni/arachni/commit/73bd3be2410509279416b9350...

    You'll still see 100% CPU usage but analysis will be faster overall.

  12. 8 Posted by user021 on 27 Sep, 2013 10:06 AM

    Oh yes, this feels much better; on average my CPU went down from 100%+ to ~50%, nice work :)

  13. user021 closed this discussion on 27 Sep, 2013 10:07 AM.
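
The prefilter discussed in this thread (pick a word from each regexp and only run the regexps whose word appears in the response body), as an added Ruby example that is not Arachni's code. The patterns are the SQLite ones quoted above; the keyword paired with each pattern and the function names are assumptions. A keyword has to be a literal that every possible match of its regexp contains, otherwise the prefilter silently drops detections.

```ruby
# Added example, not Arachni's implementation.
# Each entry pairs a regexp from the thread with a hand-picked keyword
# (assumption) that every match of that regexp must contain.
SIGNATURES = [
  ['Warning',         /Warning.*sqlite_.*/],
  ['Warning',         /Warning.*SQLite3::/],
  ['JDBCDriver',      %r{SQLite/JDBCDriver}],
  # "." is a wildcard in the next two patterns, so the keyword must not
  # span it: "SQLite.Exception" as a literal would miss "SQLite-Exception".
  ['Exception',       /SQLite.Exception/],
  ['SQLiteException', /System.Data.SQLite.SQLiteException/]
].freeze

# Baseline: run every regexp against the response body.
def match_all(body)
  SIGNATURES.map(&:last).select { |re| body.match?(re) }
end

# Prefiltered: a cheap substring test decides whether a regexp runs at all.
# Each distinct keyword is searched for only once per body.
def match_prefiltered(body)
  present = Hash.new { |h, word| h[word] = body.include?(word) }
  SIGNATURES.select { |word, re| present[word] && body.match?(re) }
            .map(&:last)
end

# How many regexps the prefilter lets through for a given body.
def regexps_run(body)
  SIGNATURES.count { |word, _| body.include?(word) }
end
```

Both the keyword test and the regexps here are case-sensitive; if the patterns were compiled case-insensitively, the keyword check would have to be made case-insensitive as well to stay equivalent to the baseline.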
