The fastest pading oracle cracker, in C++ with multithreading (1 thread per block).
The goal was to make a C++ version, with improvements, of my AES-CBC-CRACKER tool also available on my Github repo.
The goal is to exploit a padding oracle to recover a plaintext.
Thanks to cxxopts I saved a lot of time on parsing arguments.
First, compile the project:
makeAnd then, use this wonderful tool:
Usage:
oracle_padding_attack [OPTION...]
-u, --url arg Url pointing to the oracle
-m, --method arg SOCKET, GET or POST method
-p, --port arg Port number for SOCKET method (default: 0)
-d, --data arg Data to send (default: "")
-c, --cypher arg Cypher text
-b, --block-size arg Block size (8,16,32,64)
-e, --padding-error arg Padding error text
-h, --help Print usageExample for GET requests:
./AES-padding-cracker -u "http://example.com/index.php" -m GET -d "c=" -b 16 -c 59873749DC0D3A4ACC7F19D711853685EFCDBFECDF85D6B3AF6171F793CC20B4 -e "Padding Error"Example for POST requests:
./AES-padding-cracker -u "http://example.com/index.php" -m POST -d "param1=123&cypher=*" -b 16 -c 59873749DC0D3A4ACC7F19D711853685EFCDBFECDF85D6B3AF6171F793CC20B4 -e "Padding Error"The '*' char tells the script to replace it by the cyphertext.
Example for socket connections:
./AES-padding-cracker -u "example.com" -p 12345 -m "SOCKET" -b 16 -c "BC16542433100D9522DC3B6428D4FF5F7FC67B4994323C47ED09F185C3CE7A2E" -e "Padding Error"# TODO:
- better error handling, with clean exit
- Code optimization
- Hex AND base64 payload format