GitHub - gw0/PadBuster: Automated script for performing Padding Oracle attacks

gw0 / PadBuster Public

forked from AonCyberLabs/PadBuster

Notifications You must be signed in to change notification settings
Fork 1
Star 12

Automated script for performing Padding Oracle attacks

www.gdssecurity.com/l/

12 stars 219 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
README		README
autoBuster.sh		autoBuster.sh
padBuster.pl		padBuster.pl

Repository files navigation

PadBuster - Automated script for performing Padding Oracle attacks

Author: Brian Holyfield - Gotham Digital Science (labs@gdssecurity.com)

Credits to J.Rizzo and T.Duong for providing proof of concept web exploit
techniques and S.Vaudenay for initial discovery of the attack. Credits also
to James M. Martin (research@esptl.com) for sharing proof of concept exploit
code for performing various brute force attack techniques. Credits for variuos
improvements to GW (gw.2011@tnode.com or http://gw.tnode.com/) - Viris.

PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster  
provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, 
and perform automated response analysis to determine whether a request is vulnerable 
to padding oracle attacks.

autoBuster.sh is a script for automatic resource path encoding, bruteforcing and
file downloading by GW (gw.2011@tnode.com or http://gw.tnode.com/) - Viris.

PadBuster is released under the Reciprocal Public License 1.5 (RPL1.5)
http://www.opensource.org/licenses/rpl1.5