Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/KishanBagaria/padding-oracle-attacker

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.
https://github.com/KishanBagaria/padding-oracle-attacker

aes cbc cipher-block-chaining crypto cryptography decryption encryption padding-oracle padding-oracle-attack padding-oracle-attacks

Last synced: 3 months ago
JSON representation

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

Lists

README 

        
# padding-oracle-attacker



CLI tool and library to execute [padding oracle attacks](https://en.wikipedia.org/wiki/Padding_oracle_attack) easily, with support for concurrent network requests and an elegant UI.



poattack decrypt demo



[![Build Status](https://api.travis-ci.com/KishanBagaria/padding-oracle-attacker.svg)](https://travis-ci.com/KishanBagaria/padding-oracle-attacker)



## Install



Make sure [Node.js](https://nodejs.org/) is installed, then run



```sh

$ npm install --global padding-oracle-attacker

```

or

```sh

$ yarn global add padding-oracle-attacker

```



## CLI Usage



```

Usage

  $ padding-oracle-attacker decrypt  hex:   [options]

  $ padding-oracle-attacker decrypt  b64:   [options]



  $ padding-oracle-attacker encrypt              [options]

  $ padding-oracle-attacker encrypt  hex:    [options]



  $ padding-oracle-attacker analyze  [] [options]



Commands

  decrypt                  Finds the plaintext (foobar) for given ciphertext (hex:0123abcd)

  encrypt                  Finds the ciphertext (hex:abcd1234) for given plaintext (foo=bar)

  analyze                  Helps find out if the URL is vulnerable or not, and

                           how the response differs when a decryption error occurs

                           (for the  argument)



Arguments

                      URL to attack. Payload will be inserted at the end by default. To specify

                           a custom injection point, include {POPAYLOAD} in a header (-H),

                           request body (-d) or the URL

               Block size used by the encryption algorithm on the server

                    The string present in response when decryption fails on the server.

                           Specify a string present in the HTTP response body (like PaddingException)

                           or status code of the HTTP response (like 400)



Options

  -c, --concurrency        Requests to be sent concurrently                      [default: 128]

      --disable-cache      Disable network cache. Saved to                       [default: false]

                           poattack-cache.json.gz.txt by default

  -X, --method             HTTP method to use while making request               [default: GET]

  -H, --header             Headers to be sent with request.

                             -H 'Cookie: cookie1' -H 'User-Agent: Googlebot/2.1'

  -d, --data               Request body

                             JSON string: {"id": 101, "foo": "bar"}

                             URL encoded: id=101&foo=bar

                           Make sure to specify the Content-Type header.



  -e, --payload-encoding   Ciphertext payload encoding for {POPAYLOAD}           [default: hex]

                             base64          FooBar+/=

                             base64-urlsafe  FooBar-_

                             hex             deadbeef

                             hex-uppercase   DEADBEEF

                             base64(xyz)     Custom base64 ('xyz' represent characters for '+/=')



  --dont-urlencode-payload Don't URL encode {POPAYLOAD}                          [default: false]



  --start-from-1st-block   Start processing from the first block instead         [default: false]

                           of the last (only works with decrypt mode)



Examples

  $ poattack decrypt http://localhost:2020/decrypt?ciphertext=

      hex:e3e70d8599206647dbc96952aaa209d75b4e3c494842aa1aa8931f51505df2a8a184e99501914312e2c50320835404e9

      16 400

  $ poattack encrypt http://localhost:2020/decrypt?ciphertext= "foo bar 🦄" 16 400

  $ poattack encrypt http://localhost:2020/decrypt?ciphertext= hex:666f6f2062617220f09fa684 16 400

  $ poattack analyze http://localhost:2020/decrypt?ciphertext=



Aliases

  poattack

  padding-oracle-attack

```



## Library API



```js

const { decrypt, encrypt } = require('padding-oracle-attacker')

// or

import { decrypt, encrypt } from 'padding-oracle-attacker'



const { blockCount, totalSize, foundBytes, interBytes } = await decrypt(options)



const { blockCount, totalSize, foundBytes, interBytes, finalRequest } = await encrypt(options)

```



#### `decrypt(options: Object): Promise`

#### `encrypt(options: Object): Promise`



##### Required options



###### `url: string`

URL to attack. Payload will be appended at the end by default. To specify a custom injection point, include `{POPAYLOAD}` in the URL, a header (`requestOptions.headers`) or the request body (`requestOptions.data`)



###### `blockSize: number`

Block size used by the encryption algorithm on the server.



###### `isDecryptionSuccess: ({ statusCode, headers, body }) => boolean`

Function that returns true if the server response indicates decryption was successful.



###### `ciphertext: Buffer` (`decrypt` only)

Ciphertext to decrypt.



###### `plaintext: Buffer` (`encrypt` only)

Plaintext to encrypt. Padding will be added automatically. Example: `Buffer.from('foo bar', 'utf8')`



---



##### Optional options



###### `concurrency: number = 128`

Network requests to be sent concurrently.



###### `isCacheEnabled: boolean = true`

Responses are cached by default and saved to `poattack-cache.json.gz.txt`. Set to `false` to disable caching.



###### `requestOptions: { method, headers, data }`

###### `requestOptions.method: string`

HTTP method to use while making the request. `GET` by default. `POST`, `PUT`, `DELETE` are some valid options.



###### `requestOptions.headers: { string: string }`

Headers to be sent with request. Example: `{ 'Content-Type': 'application/x-www-form-urlencoded' }`



###### `requestOptions.body: string`

Request body. Can be a JSON string, URL encoded params etc. `Content-Type` header has to be set manually.



###### `logMode: 'full'|'minimal'|'none' = 'full'`

`full`: Log everything to console (default)  

`minimal`: Log only after start and completion to console  

`none`: Log nothing to console



###### `transformPayload: (ciphertext: Buffer) => string`

Function to convert the `ciphertext` into a string when making a request. By default, `ciphertext` is encoded in hex and inserted at the injection point (URL end unless `{POPAYLOAD}` is present).



---

##### Optional options (`decrypt` only)



###### `alreadyFound: Buffer`

Plaintext bytes already known/found that can be skipped (from the end). If you provide a `Buffer` of ten bytes, the last ten bytes will be skipped.



###### `initFirstPayloadBlockWithOrigBytes: boolean = false`

Initialize first payload block with original `ciphertext` bytes instead of zeroes.  

Example: `abcdef12345678ff 1111111111111111` instead of `00000000000000ff 1111111111111111`



###### `startFromFirstBlock: boolean = false`

Start processing from the first block instead of the last.



###### `makeInitialRequest: boolean = true`

Make an initial request with the original `ciphertext` provided and log server response to console to allow the user to make sure network requests are being sent correctly.



---

##### Optional options (`encrypt` only)



###### `makeFinalRequest: boolean = true`

After finding the `ciphertext` bytes for the new `plaintext`, make a final request with the found bytes and log the server response to console.



###### `lastCiphertextBlock: Buffer`

Custom ciphertext for the last block. Last block is just zeroes by default (`000000000000000`).



## Developing



`padding-oracle-attacker` is written in TypeScript. If you'd like to modify the source files and run them, you can either compile the files into JS first and run them using node, or use [ts-node](https://www.npmjs.com/package/ts-node).  

Example: `yarn build` then `node dist/cli ...` or simply `ts-node src/cli ...`



##### `yarn build` or `npm run build`

Builds the TypeScript files inside the `src` directory to JS files and outputs them to the `dist` directory.



##### `yarn clean` or `npm run clean`

Deletes the `dist` directory.



##### `yarn lint` or `npm run lint`

Lints the files using eslint.



##### `yarn test` or `npm run test`

Lints and runs the tests using ava.



##### `node test/helpers/vulnerable-server.js`

Runs the test server which is vulnerable to padding oracle attacks at 



## Related



* [PadBuster](https://github.com/AonCyberLabs/PadBuster) (Perl)

* [Padding Oracle Attack](https://github.com/mpgn/Padding-oracle-attack) (Python)

* [python-paddingoracle](https://github.com/mwielgoszewski/python-paddingoracle) (Python)

* [Poracle](https://github.com/iagox86/poracle) (Ruby)

* [GoPaddy](https://github.com/glebarez/GoPaddy) (Go)

* [pax](https://github.com/liamg/pax) (Go)

* [padre](https://github.com/glebarez/padre) (Go)

* [Padantic](https://github.com/sum-catnip/padantic) (Rust)

* [Padoracle](https://github.com/imyelo/padoracle) (JavaScript)



## License



MIT © [Kishan Bagaria](https://kishanbagaria.com)