CBC PKCS7 Padding Oracle Attack engine
Project description
Paddown
Paddown is an AES CBC PKCS7 Padding Oracle Attack engine. It simplifies performing Padding Oracle Attack on a vulnerable encryption service. This is useful for both CTF and real-world attacks, where you are in possession of a ciphertext, and have a so called Padding Oracle available.
Usage
-
Using Paddown is as easy as subclassing the
Paddownclass overwriting thehasValidPadding(...)method retuning abool. As argument it takes ciphertext to test against the Padding Oracle. Have your implementation returnTrueif you receive no padding error andFalseotherwise. -
Now you are ready to call
.decrypt()on your class and start decrypting your ciphertext.
Examples can be found in the ./examples directory.
Development
The project can be setup with
python3 -m venv .venv
.venv/bin/activate
pip install -r requirements/dev.txt
pre-commit install
Pull requests
We are open to pull requests.
We use black, flake8 and isort for linting, and implement unit testing using pytest. A pre-commit configuration file has been added, for checking against these linters before comitting.
Please squash all commits when merging a pull request.
Testing
To run the unittests, simply run pytest.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
