Awesome
PaddingOracleDemos
Example web application vulnerable to the Padding Oracle attack and scripts to exploit it.
Web application
Usage:
# python pador.py
Dependencies:
Testing:
# curl http://127.0.0.1:5000/encrypt?plain=ApplicationUsername%3Duser%26Password%3Dsesame
crypted: 484b850123a04baf15df9be14e87369[..]
# curl http://127.0.0.1:5000/echo?cipher=484b850123a04baf15df9be14e87369[..]
decrypted: ApplicationUsername=user&Password=sesame
# curl http://127.0.0.1:5000/check?cipher=484b850123a04baf15df9be14e87369[..]
decrypted: ApplicationUsername=user&Password=sesame
parsed: {'Password': ['sesame'], 'ApplicationUsername': ['user']}
Exploit scripts
The files in python-exploit/
contain examples on how to exploit the web application using python-paddingoracle.
Usage:
# python http-advanced.py
# python http-simple.py
Dependencies: