Paddown is an AES CBC PKCS7 Padding Oracle Attack engine. It simplifies performing Padding Oracle Attack on a vulnerable encryption service. This is useful for both CTF and real-world attacks, where you are in possession of a ciphertext, and have a so called Padding Oracle available.
-
Using Paddown is as easy as subclassing the
Paddown
class overwriting thehasValidPadding(...)
method retuning abool
. As argument it takes ciphertext to test against the Padding Oracle. Have your implementation returnTrue
if you receive no padding error andFalse
otherwise. -
Now you are ready to call
.decrypt()
on your class and start decrypting your ciphertext.
Examples can be found in the ./examples
directory.
The project can be setup with
python3 -m venv .venv
.venv/bin/activate
pip install -r requirements/dev.txt
pre-commit install
We are open to pull requests.
We use black, flake8 and isort for linting, and implement unit testing using pytest. A pre-commit configuration file has been added, for checking against these linters before comitting.
Please squash all commits when merging a pull request.
To run the unittests, simply run pytest
.