This project demonstrates a Padding Oracle Attack. The encryption used is AES-128-CBC and the padding has been made to match the variation of PKCS#7 padding that TLS 1.0 uses.
The goal is to recover the original plaintext using only oracle access to a server that reveals whether decrypted ciphertext has valid padding.
- Node.js
Open a terminal and enter following command:
node demo.jsYou will then be promted to enter a plaintext message - or go with the default secret message: "This is a secret message."
As an output you'll see:
- The ciphertext as a HEX
- The original message
- The original message as a HEX
- The original length of the message
- The ciphertext length
- The recovered Plaintext
- A response on whether or not the attack succeded.
If the attack succeded you should see the response:
- Success: The attack correctly recovered the plaintext!
If it failed you should see: Failure: The recovered plaintext does not match the original.