Documentation of the Training Source-Code

This project is written in python. The Framework flask is used for the web application. The following part will describe how the code is structred.

main.py

This file contains the basic server functionality of the application. Every resource and the requests to this resource is handled in this file

Available resources are:

/ # or /dashboard to access the challange description

/po1 # First Challange - simple CBC Challange where the attacker must decrypt the cookie via a simple CBC Padding Oracle

/po2 # Second Challange - more advanced CBC Challange where the attacker must decrypt the cookie and then change some values.

/po3 # Third Challange - First RSA Padding Oracle Attack, implements a PKCS #1 v1.5 cookie encryption

/po4 # Fourth Challange - Timing is everything... CBC Padding Oracle Attack via Timing Side Channel. Timing is increased using sleep() to simplify the attack.

crypto.py

This file implements every cryptographic function used for the challanges.