{"id":27859772,"url":"https://github.com/melonattacker/oidc-access-control","last_synced_at":"2025-05-04T17:07:18.776Z","repository":{"id":209994290,"uuid":"718469704","full_name":"melonattacker/oidc-access-control","owner":"melonattacker","description":"PoC Implementation of OIPM(OpenID Connect Impersonation Prevention Mechanism)","archived":false,"fork":false,"pushed_at":"2024-02-12T07:47:42.000Z","size":153,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-04T17:07:10.963Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/melonattacker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-11-14T06:22:52.000Z","updated_at":"2024-01-17T03:00:04.000Z","dependencies_parsed_at":"2023-12-25T07:32:32.794Z","dependency_job_id":"9b26f689-c6ec-4cc4-a3c7-3d5502fe4c97","html_url":"https://github.com/melonattacker/oidc-access-control","commit_stats":null,"previous_names":["melonattacker/oidc-access-control"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foidc-access-control","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foidc-access-control/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foidc-access-control/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foidc-access-control
/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/melonattacker","download_url":"https://codeload.github.com/melonattacker/oidc-access-control/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252369001,"owners_count":21736876,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-04T17:07:18.265Z","updated_at":"2025-05-04T17:07:18.774Z","avatar_url":"https://github.com/melonattacker.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# oidc-access-control\n## Usage\n\n```\n// build \u0026 run\ndocker compose up -d --build\n\n// stop \u0026 remove\ndocker compose down -v\n```\n\nRP : `https://localhost:4444`, IdP : `http://localhost:4445`\n\n## Demo\n\n1. Open `https://localhost:4444`\n2. Click `Please log in`\n3. Log in with User ID : `hoge`, Password : `hoge`\n4. `Do you consent to share your information with the client?` -\u003e Click `Yes`\n5. `Submitting Callback...` -\u003e Click `Register`\n6. If `Sign up succeeded.` is displayed, you have successfully signed up.\n7. Click `Login` -\u003e Select your passkey\n8. If `Sign in succeeded.` is displayed, you have successfully signed in.\n9. Click `After Login Request`\n10. If `After sigin in request succeeded.` is displayed, your request has been successfully processed.\n11. Click `After Login Confidential Request` -\u003e Select your passkey\n12. 
If `After sigin in confidential request succeeded.` is displayed, your request has been successfully processed.\n\n## Evaluation\n\n### Setup\n```\n// build \u0026 run (evaluation)\ndocker compose -f docker-compose.evaluation.yml up -d --build\n```\n\n### Access Pattern\n#### Legitimate User: Access from victim's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/legitimate/victim_browser.py\nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\nafter sign in result (attacker):  \u003cp id=\"content\"\u003eAfter sigin in request succeeded.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's credential from victim's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/credential/victim_browser.py   \nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\nsign in result (attacker):  \u003cp id=\"content\"\u003eSign in failed.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's credential from attacker's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec attacker bash\n# python3 access_pattern/credential/attacker_browser.py   \nsign in result (attacker):  \u003cp id=\"content\"\u003eSign in failed.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's id_token from victim's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/id_token/victim_browser.py\nign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\n...\nsign in result (attacker):  \u003cp id=\"content\"\u003eSign in failed.\u003c/p\u003e\n```\n\n#### Attacker: Access 
with victim's id_token from attacker's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/id_token/attacker_browser_pre.py\nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\n...\nok\n\ndocker compose -f docker-compose.evaluation.yml exec attacker bash\n# python3 access_pattern/id_token/attacker_browser.py\nsign in result (attacker):  \u003cp id=\"content\"\u003eSign in failed.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's id_token generated by IdP's signing key from victim's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/idp_signing_key/victim_browser.py\n...\nsign in result (attacker):  \u003cp id=\"content\"\u003eSign in failed.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's id_token generated by IdP's signing key from attacker's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec attacker bash\n# python3 access_pattern/idp_signing_key/attacker_browser.py\n...\nsign in result (attacker):  \u003cp id=\"content\"\u003eSign in failed.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's session_token and secret from victim's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/session_token/secret/victim_browser.py\nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\nafter sign in result (attacker):  \u003cp id=\"content\"\u003eAfter sigin in request succeeded.\u003c/p\u003e\nafter sign in confidential result (attacker):  \u003cp id=\"content\"\u003eAfter sigin in confidential request failed.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's session_token and secret from attacker's browser\n```\ndocker compose 
-f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/session_token/secret/attacker_browser_pre.py\nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\nsession_token:  s%3AfmPIDVycNd-X2l1IVtBSom2CYYrgWkq1.FONwNQeIEcVNR8uJzukjCGiV7SnHBQz3%2BFYL3g%2Fyyp8\nsecret:  54b247263b55770a9bb7f2ab4f9c7658\nok\n\ndocker compose -f docker-compose.evaluation.yml exec attacker bash\n# python3 access_pattern/session_token/secret/attacker_browser.py\nsession_token:  s%3AfmPIDVycNd-X2l1IVtBSom2CYYrgWkq1.FONwNQeIEcVNR8uJzukjCGiV7SnHBQz3%2BFYL3g%2Fyyp8\nsecret:  54b247263b55770a9bb7f2ab4f9c7658\nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\ncookies:  [{'name': 'connect.sid', 'value': 's%3AXfrJAZ2cJ_gXzr8JZUbCnX_kdCh_IISu.2lzETWS8%2BRd50J1Y5m8twEewehXJNC65%2BazaOJgC938', 'domain': 'idp', 'path': '/', 'expires': -1, 'httpOnly': True, 'secure': False, 'sameSite': 'Lax'}, {'name': 'connect.sid', 'value': 's%3AfmPIDVycNd-X2l1IVtBSom2CYYrgWkq1.FONwNQeIEcVNR8uJzukjCGiV7SnHBQz3%2BFYL3g%2Fyyp8', 'domain': 'rp', 'path': '/', 'expires': -1, 'httpOnly': False, 'secure': False, 'sameSite': 'Lax'}]\nafter sign in result (attacker):  \u003cp id=\"content\"\u003eAfter sigin in request failed.\u003c/p\u003e\n```\n\n#### Attacker: Access with victim's session_token and hash from victim's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/session_token/hash/victim_browser.py\nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\nafter sign in result (victim):  \u003cp id=\"content\"\u003eAfter sigin in request succeeded.\u003c/p\u003e\nhash:  
7030e9ee35007c07c96a3c3ea6dc4dd637107b5516e496b68f8c098d3f3cbb5d\nafter sign in result (attacker):  {'verified': True}\n```\n\n#### Attacker: Access with victim's session_token and hash from attacker's browser\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# python3 access_pattern/session_token/hash/attacker_browser_pre.py\nsign up result (victim):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (victim):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\nsession_token:  s%3AiNa0QM8yHooLQabvWWgHNLy2FEgTzQkc.UvufSbkXiLJpkX8rLIJdN%2FJ3aZy%2BEkxNZVuUClaqjVE\nafter sign in result (victim):  \u003cp id=\"content\"\u003eAfter sigin in request succeeded.\u003c/p\u003e\nhash:  1c7565bd8474cc46476501653ac7ec398335ce4be2609a07088d6db0f7b4a44e\nok\n\ndocker compose -f docker-compose.evaluation.yml exec attacker bash\n# python3 access_pattern/session_token/hash/attacker_browser.py\nsession_token:  s%3AiNa0QM8yHooLQabvWWgHNLy2FEgTzQkc.UvufSbkXiLJpkX8rLIJdN%2FJ3aZy%2BEkxNZVuUClaqjVE\nhash:  1c7565bd8474cc46476501653ac7ec398335ce4be2609a07088d6db0f7b4a44e\nsign up result (attacker):  \u003cp id=\"content\"\u003eSign up succeeded.\u003c/p\u003e\nsign in result (attacker):  \u003cp id=\"content\"\u003eSign in succeeded.\u003c/p\u003e\ncookies:  [{'name': 'connect.sid', 'value': 's%3AmbyT5Kj0pWZw6ZFtwZt5sjilZbe9CVcD.g3M391yC16lLbV0xq%2B5LS97vlMzbxUHeb746Zex%2B8Gk', 'domain': 'idp', 'path': '/', 'expires': -1, 'httpOnly': True, 'secure': False, 'sameSite': 'Lax'}, {'name': 'connect.sid', 'value': 's%3AiNa0QM8yHooLQabvWWgHNLy2FEgTzQkc.UvufSbkXiLJpkX8rLIJdN%2FJ3aZy%2BEkxNZVuUClaqjVE', 'domain': 'rp', 'path': '/', 'expires': -1, 'httpOnly': False, 'secure': False, 'sameSite': 'Lax'}]\nafter sign in result (attacker):  {'verified': False}\n```\n\n### Performance\n\n#### Response Time\n\n##### baseline\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# SAVE_TO_CSV=true python3 
performance/response_time/baseline_signin.py\n# SAVE_TO_CSV=true python3 performance/response_time/baseline_after_signin.py\n```\n\n##### proposed method\n```\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# SAVE_TO_CSV=true python3 performance/response_time/proposed_signin.py\n# SAVE_TO_CSV=true python3 performance/response_time/proposed_after_signin.py\n# SAVE_TO_CSV=true python3 performance/response_time/proposed_after_signin_confidential.py\n```\n\n#### Resource\n\n##### baseline\n```\n// Execute on host machine\nbash ./evaluation/performance/resource/baseline_signin.sh\n\n// Run at the same time as the script above\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# SAVE_TO_CSV=false python3 performance/response_time/baseline_signin.py\n```\n\n```\n// Execute on host machine\nbash ./evaluation/performance/resource/baseline_after_signin.sh\n\n// Run at the same time as the script above\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# SAVE_TO_CSV=false python3 performance/response_time/baseline_after_signin.py\n```\n\n##### proposed method\n```\n// Execute on host machine\nbash ./evaluation/performance/resource/proposed_signin.sh\n\n// Run at the same time as the script above\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# SAVE_TO_CSV=false python3 performance/response_time/proposed_signin.py\n```\n\n```\n// Execute on host machine\nbash ./evaluation/performance/resource/proposed_after_signin.sh\n\n// Run at the same time as the script above\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# SAVE_TO_CSV=false python3 performance/response_time/proposed_after_signin.py\n```\n\n```\n// Execute on host machine\nbash ./evaluation/performance/resource/proposed_after_signin_confidential.sh\n\n// Run at the same time as the script above\ndocker compose -f docker-compose.evaluation.yml exec victim bash\n# SAVE_TO_CSV=false python3 
performance/response_time/proposed_after_signin_confidential.py\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmelonattacker%2Foidc-access-control","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmelonattacker%2Foidc-access-control","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmelonattacker%2Foidc-access-control/lists"}