PaddingOracles/code/poc_po1.py

from base64 import b64encode, b64decode
from padd0r import PaddingOracle, Encoding
import requests
import logging

# disable logging
logging.getLogger("requests").setLevel(logging.CRITICAL)
logging.getLogger("urllib3").setLevel(logging.WARNING)

# Set the admin cookie!
admin_cookie = ""

def oracle(ct):

    url = "http://127.0.0.1:5000/po1"

    data = {
        "auth":b64encode(ct)
    }

    text = requests.get(url, cookies=data).text

    # distinguish between a padding error and a valid padding
    # ....



    # dont forget to return true on a valid padding and false on a wrong padding


def decrypt(cookie):
    #                   ciphertext
    #                           verbosity can be 1 or 2
    #                                       which encodings are realistic?
    #                                                               pass the oracle functions as parameter
    po = PaddingOracle(cookie, verbosity=1, encoding=Encoding.b64, oracle=oracle)
    po.set_output("hex")

    # decrypt the blocks



decrypt(admin_cookie)