
CBC PKCS7 Padding Oracle Attack engine

Project description


Paddown is an AES CBC PKCS7 Padding Oracle Attack engine. It simplifies performing a Padding Oracle Attack on a vulnerable encryption service. This is useful for both CTF and real-world attacks, where you are in possession of a ciphertext and have a so-called Padding Oracle available.


  • Using Paddown is as easy as subclassing the Paddown class and overriding the hasValidPadding(...) method, which returns a bool. Its argument is the ciphertext to test against the Padding Oracle. Have your implementation return True if you receive no padding error and False otherwise.

  • Now you are ready to call .decrypt() on your class and start decrypting your ciphertext.

Examples can be found in the ./examples directory.
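
The service-side view of the True/False signal that hasValidPadding(...) reports, next to an encrypt-then-MAC service that no longer exposes it. This is an added example, not code from Paddown: the function names, reply strings and keys are constructed for illustration, and a stand-in Feistel cipher replaces AES so the block runs with only the standard library.

```python
import hashlib, hmac, os

BLOCK, ENC_KEY, MAC_KEY = 16, os.urandom(32), os.urandom(32)  # constructed demo keys

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):
    # Stand-in 16-byte block cipher (4-round Feistel over HMAC-SHA256), NOT AES.
    l, r = blk[:8], blk[8:]
    for n in ((3, 2, 1, 0) if decrypt else (0, 1, 2, 3)):
        f = hmac.new(key, bytes([n]) + (l if decrypt else r), hashlib.sha256).digest()[:8]
        l, r = (_xor(r, f), l) if decrypt else (r, _xor(l, f))
    return l + r

def cbc_encrypt(plaintext):
    pad = BLOCK - len(plaintext) % BLOCK  # PKCS7 always adds 1..16 bytes
    data, out = plaintext + bytes([pad]) * pad, [os.urandom(BLOCK)]  # out[0] is the IV
    for i in range(0, len(data), BLOCK):
        out.append(_block(ENC_KEY, _xor(data[i:i + BLOCK], out[-1])))
    return b"".join(out)

def cbc_decrypt(ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(_xor(_block(ENC_KEY, c, True), p) for p, c in zip(blocks, blocks[1:]))
    pad = pt[-1] if pt else 0
    if not 1 <= pad <= BLOCK or pt[-pad:] != bytes([pad]) * pad:
        return None  # invalid PKCS7 padding
    return pt[:-pad]

def leaky_service(ct):
    # Vulnerable: the reply reveals whether the padding was valid. This is the oracle.
    return "200 ok" if cbc_decrypt(ct) is not None else "500 padding error"

def seal(plaintext):
    ct = cbc_encrypt(plaintext)
    return ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()  # encrypt-then-MAC

def hardened_service(token):
    # Check the MAC before looking at padding; every failure gets the same reply.
    ct, tag = token[:-32], token[-32:]
    ok = hmac.compare_digest(tag, hmac.new(MAC_KEY, ct, hashlib.sha256).digest())
    return "200 ok" if ok and cbc_decrypt(ct) is not None else "400 invalid"

def tampered_replies(service, token, pos):
    # Distinct replies when byte `pos` is replaced by each of the 255 other values.
    others = (b for b in range(256) if b != token[pos])
    return {service(token[:pos] + bytes([b]) + token[pos + 1:]) for b in others}
```

tampered_replies(...) works as a regression check for a decryption endpoint: two distinct replies for modified ciphertexts mean the padding result is observable, one reply means it is not.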


The project can be set up with

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements/dev.txt
pre-commit install

Pull requests

We are open to pull requests.

We use black, flake8 and isort for linting, and implement unit testing using pytest. A pre-commit configuration file has been added for checking against these linters before committing.

Please squash all commits when merging a pull request.


To run the unit tests, simply run pytest.


Download files


Files for Paddown, version 0.1.0

Filename (size) | File type | Python version
Paddown-0.1.0-py3-none-any.whl (4.1 kB) | Wheel | py3
Paddown-0.1.0.tar.gz (3.2 kB) | Source | None
