#!/usr/bin/python3
# Run me like this:
# $ python3 padding_oracle.py "https://project1.eecs388.org/uniqname/paddingoracle/verify" "5a7793d3..."
# or select "Padding Oracle" from the VS Code debugger
import json
import sys
import time
from typing import Union, Dict, List
import requests
# A single Session shared by every oracle() call: the underlying HTTP
# connection is kept open and reused, so the many requests a run makes do
# not each pay for a new connection.
s = requests.Session()
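def oracle(url: str, messages: List[bytes]) -> List[Dict[str, str]]:
    """Submit ``messages`` to the verification endpoint and return its verdicts.

    Every message is hex-encoded and sent as a repeated ``message`` form field
    in one POST, so a whole batch costs a single round trip. The result is the
    server's decoded JSON body: a list of dicts, presumably one per submitted
    message in submission order; ``main`` relies on each dict carrying a
    ``"status"`` key whose accepting value is ``"valid"``.

    The call never gives up: on a transport/HTTP error or an unparseable body
    it reports the problem on stderr, sleeps 10 seconds and retries, so a wrong
    URL loops forever instead of raising.

    Args:
        url: The oracle endpoint (the ``.../paddingoracle/verify`` URL).
        messages: Raw ciphertexts to submit.

    Returns:
        The decoded JSON list returned by the server.
    """
    # Hex-encoding is loop-invariant; do it once rather than on every retry.
    payload = {"message": [m.hex() for m in messages]}
    while True:
        try:
            r = s.post(url, data=payload)
            r.raise_for_status()
            return r.json()
        # Recent versions of requests raise requests.exceptions.JSONDecodeError
        # from r.json(), which is both a json.JSONDecodeError and a
        # RequestException. This clause must therefore come BEFORE the
        # RequestException one, otherwise the URL hint below is never shown
        # and only the generic retry message appears.
        except json.JSONDecodeError:
            sys.stderr.write("It's possible that the oracle server is overloaded right now, or that provided URL is wrong.\n")
            sys.stderr.write("If this keeps happening, check the URL. Perhaps your uniqname is not set.\n")
            sys.stderr.write("Retrying in 10 seconds...\n\n")
            time.sleep(10)
        # Under heavy server load the request may time out or fail with an
        # HTTP error; wait and retry instead of aborting the whole run.
        except requests.exceptions.RequestException as e:
            sys.stderr.write(str(e))
            sys.stderr.write("\nRetrying in 10 seconds...\n")
            time.sleep(10)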
def main():
    """Command-line entry point: ``padding_oracle.py ORACLE_URL CIPHERTEXT_HEX``.

    Reads the two positional arguments, asks the oracle whether the supplied
    ciphertext is accepted as valid, and prints the decrypted message. The
    decryption step is still a TODO, so the placeholder string "TODO" is
    printed for now.
    """
    args = sys.argv[1:]
    if len(args) != 2:
        print(f"usage: {sys.argv[0]} ORACLE_URL CIPHERTEXT_HEX", file=sys.stderr)
        sys.exit(-1)
    oracle_url = args[0]
    message = bytes.fromhex(args[1])
    # Sanity check on the input ciphertext. This only warns: the run
    # continues even when the oracle rejects it.
    verdict = oracle(oracle_url, [message])[0]["status"]
    if verdict != "valid":
        print("Message invalid", file=sys.stderr)
    #
    # TODO: Decrypt the message
    #
    decrypted = "TODO"
    print(decrypted)
# Run only when executed as a script; importing the module just defines
# oracle() and main() without contacting the server.
if __name__ == '__main__':
    main()