Monday, December 16, 2013

Yet another library for padding oracle exploitation

There seem to be quite a few tools out there that try to help one exploit padding oracle vulnerabilities. I just wrote my own for fun.

The repository with the code can be found here.
A dummy server can be found in the same repository along with code that uses the library.

You can use the library as shown here. You are expected to create an instance of "PaddingAttack" with the ciphertext, the IV, a callback, the blocksize(defaults to 16) and a logging level(defaults to INFO).

The details of how it can be used can be found here.

Reference :