Skip to content

GDSSecurity/PaddingOracleDemos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
python-exploit
python-exploit
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pador.py
pador.py
 
 

Repository files navigation

PaddingOracleDemos

Example web application vulnerable to the Padding Oracle attack and scripts to exploit it.

Web application

Usage:

# python pador.py

Dependencies:

Testing:

# curl http://127.0.0.1:5000/encrypt?plain=ApplicationUsername%3Duser%26Password%3Dsesame
crypted: 484b850123a04baf15df9be14e87369[..]

# curl http://127.0.0.1:5000/echo?cipher=484b850123a04baf15df9be14e87369[..]
decrypted: ApplicationUsername=user&Password=sesame

# curl http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369[..]
decrypted: ApplicationUsername=user&Password=sesame
parsed: {'Password': ['sesame'], 'ApplicationUsername': ['user']}

Exploit scripts

The files in python-exploit/ contain examples on how to exploit the web application using python-paddingoracle.

Usage:

# python http-advanced.py

# python http-simple.py

Dependencies:

About

No description, website, or topics provided.

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

22 stars

Watchers

86 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages