Tick Tock Enumerator

TickTockEnum is a timing-based enumeration extension that identifies vulnerabilities through response time analysis. The extension detects discrepancies in server response times between valid and invalid inputs, making it particularly effective for username enumeration attacks where authentication timing varies based on user existence.

Features

• Automated timing analysis with configurable request volumes
• Visual graph generation for response time comparison
• Tabular results display with response times and status codes
• Single-threaded request processing for maximum timing accuracy
• CSV and JPG export capabilities for reporting
• Placeholder-based request templating with $ticktock$ marker

Usage

1. Right-click on any HTTP request in Proxy, Repeater, or Target and select "Send to TickTock Enum"
2. Configure the extension parameters:
   • Set a known valid input (e.g., existing username)
   • Set a known invalid input (e.g., non-existent username)
   • Place $ticktock$ placeholder where enumeration data should be injected
   • Specify the number of requests per input value
3. Verify connection settings (host, port, protocol) are correctly populated
4. Click "Start" to begin the enumeration process
5. Analyze results in the table and graph showing response time patterns
6. Export results as CSV data or graph images for documentation

Note: Use caution with login forms to avoid account lockouts. The extension sends requests sequentially for accurate timing measurements.