Ability to view the delay of a response in a column (Intruder)
May be very useful while testing for time based injection (sql, command, aso) to see the delay of a response returned by the remote webserver.
This information is already captured, but is hidden by default! You can turn it on using the Columns menu, and select “Response received” / “Response completed”.
The two timers contain different information – the time taken for a response to start and finish, respectively. Some time-based attacks cause a delay before a response starts (if the whole server-side logic is executed first) while some cause a delay while the response is already being streamed (e.g. if the headers are sent first, and then some further server-side processing happens on your input). So we definitely wouldn’t want to have a single column with only one of these bits of information.
By “computed time delay”, do you mean the difference between the current item’s timer and the base response timer? Since this would simply mean subtracting a fixed value from every row in the table, I don’t see that this would be any more useful than reporting the actual response times.