CBC PKCS7 Padding Oracle Attack engine
Paddown is an AES CBC PKCS7 Padding Oracle Attack engine. It simplifies performing Padding Oracle Attack on a vulnerable encryption service. This is useful for both CTF and real-world attacks, where you are in possession of a ciphertext, and have a so called Padding Oracle available.
Using Paddown is as easy as subclassing the
Paddownclass overwriting the
hasValidPadding(...)method retuning a
bool. As argument it takes ciphertext to test against the Padding Oracle. Have your implementation return
Trueif you receive no padding error and
Now you are ready to call
.decrypt()on your class and start decrypting your ciphertext.
Examples can be found in the
The project can be setup with
python3 -m venv .venv .venv/bin/activate pip install -r requirements/dev.txt pre-commit install
We are open to pull requests.
Please squash all commits when merging a pull request.
To run the unittests, simply run
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.