Statistical timing side-channel analysis for Burp Suite.
OffTempo is a Burp Suite extension that captures HTTP response timing data from Intruder attacks and performs statistical analysis to detect timing-based side channels. It compares two pools of requests and tells you whether the observed latency differences are meaningful or just noise.
Useful for detecting:
- Resource enumeration via response time differentials
- Timing-based blind SQL injection
- Password / authentication timing attacks
- Any scenario where server-side branching leaks through response latency
The primary metric is AUC (Area Under the Curve), computed via the Mann–Whitney U statistic: intuitively, the probability that a random observation from one set of requests exceeds one from the other set. Additional statistics (Cohen's d, p-value, standard deviation, p95/p99) are provided for deeper analysis.
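The AUC and effect size described above can be reproduced from two lists of response times. This Python sketch is an added example, not OffTempo's own code; the function names and the sample timings are constructed for illustration, and the p-value uses a plain normal approximation.

```python
import math
import random
from statistics import mean, stdev

def mann_whitney_auc(pool_a, pool_b):
    """Return (AUC, two-sided p). AUC = P(a > b) + 0.5 * P(a == b) = U_a / (n_a * n_b)."""
    n_a, n_b = len(pool_a), len(pool_b)
    merged = sorted([(t, 0) for t in pool_a] + [(t, 1) for t in pool_b])
    rank_sum_a, i = 0.0, 0
    while i < len(merged):
        j = i
        while j < len(merged) and merged[j][0] == merged[i][0]:
            j += 1                        # merged[i:j] is one group of tied timings
        avg_rank = (i + 1 + j) / 2.0      # mean of the 1-based ranks i+1 .. j
        rank_sum_a += avg_rank * sum(1 for _, pool in merged[i:j] if pool == 0)
        i = j
    u_a = rank_sum_a - n_a * (n_a + 1) / 2.0
    # Normal approximation without tie or continuity correction (a simplification).
    sigma = math.sqrt(n_a * n_b * (n_a + n_b + 1) / 12.0)
    z = (u_a - n_a * n_b / 2.0) / sigma
    return u_a / (n_a * n_b), math.erfc(abs(z) / math.sqrt(2))

def cohens_d(pool_a, pool_b):
    """Difference of means divided by the pooled standard deviation."""
    n_a, n_b = len(pool_a), len(pool_b)
    pooled_var = ((n_a - 1) * stdev(pool_a) ** 2
                  + (n_b - 1) * stdev(pool_b) ** 2) / (n_a + n_b - 2)
    return (mean(pool_a) - mean(pool_b)) / math.sqrt(pooled_var)

def constructed_pools(n=40, seed=7):
    """Constructed sample data (ms): pool A takes a slower server-side branch."""
    rng = random.Random(seed)
    pool_a = [round(rng.gauss(130.0, 4.0), 1) for _ in range(n)]
    pool_b = [round(rng.gauss(120.0, 4.0), 1) for _ in range(n)]
    return pool_a, pool_b

if __name__ == "__main__":
    a, b = constructed_pools()
    auc, p = mann_whitney_auc(a, b)
    print(f"AUC={auc:.3f}  p={p:.2e}  d={cohens_d(a, b):.2f}")
    # Both pools drawn from the same distribution: AUC should sit near 0.5.
    noise_a, noise_b = constructed_pools()[1], constructed_pools(seed=8)[1]
    print(f"noise AUC={mann_whitney_auc(noise_a, noise_b)[0]:.3f}")
```

An AUC near 0.5 means the two pools are indistinguishable by latency; values near 0 or 1 mean one class of request is consistently slower than the other.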
- Download the latest offtempo.jar from the Releases page
- In Burp Suite, go to Extensions → Installed → Add
- Set Extension type: Java and load the JAR
Requires Java 17+ and Gradle.
```bash
git clone https://github.com/anvilventures/offtempo.git
cd offtempo
./gradlew bigJar
```
The JAR is generated under build/libs/. Load it into Burp Suite as above.
- Enable capture: Toggle timing capture on in the OffTempo tab
- Fill Pool A: Set up an Intruder attack for your first class of requests (e.g. a known existing resource) and run it. Timing data flows into Pool A automatically. Aim for at least 30–50 requests per pool to reduce the impact of network jitter and get statistically reliable results.
- Switch to Pool B: Select Pool B in OffTempo, then run a second Intruder attack for your other class of requests (e.g. a known non-existing resource).
- Run analysis: Click Run. OffTempo computes the AUC score, plots both distributions, and outputs statistical metrics.