
Padding Oracle Emulator

Open rnehra01 opened this issue 7 years ago • 5 comments

Padding oracles are famous in cookie-based attacks. The problem is that we need to send an encrypted cookie first to implement this type of attack. Thus this emulator doesn't fall under the normal detect-and-emulate category, so what I'm thinking is that we'll send an encrypted cookie if a user sends us some login data and we'll encrypt that data (maybe username and some user id, something like that, to make it look real); we'll detect the attack only on that cookie. Once we find tampering (invalid padding), we can send invalid-padding type responses. It's good to send the encrypted cookie only if some login-type data is given, because sending a random encrypted cookie won't make it look real. @afeena please review and provide suggestions.

rnehra01 avatar Jun 16 '17 17:06 rnehra01
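As an added example that is not part of this issue thread or of the tanner code base, here is one way the proposal in the comment above could be sketched: the emulator issues an encrypted cookie once login-like data arrives, and when the cookie comes back it classifies it as valid, as invalid padding (the tampering signal the comment describes), or as well-padded but otherwise altered, logging each case as a detection event. The block cipher is a stand-in Feistel construction built from HMAC so that the example runs on the standard library alone; a real emulator would substitute AES-128-CBC from a crypto library. The hardened class at the end shows the authenticated-cookie construction a non-honeypot application should use, where the tag is checked before any decryption so that padding validity never leaks. All names, the cookie layout and the sample values are assumptions made for this example.

```python
import hashlib
import hmac
import json
import secrets

BLOCK = 16  # block size in bytes, matching AES


class ToyBlockCipher:
    """Stand-in for AES, constructed for this example: a 4-round Feistel network over
    16-byte blocks with HMAC-SHA256 as the round function. It is invertible, which is
    all CBC mode needs; a real emulator would use AES-128 from a crypto library."""

    def __init__(self, key: bytes):
        self.key = key

    def _round(self, i: int, half: bytes) -> bytes:
        return hmac.new(self.key, bytes([i]) + half, hashlib.sha256).digest()[:8]

    def encrypt_block(self, block: bytes) -> bytes:
        l, r = block[:8], block[8:]
        for i in range(4):
            l, r = r, xor_bytes(l, self._round(i, r))
        return l + r

    def decrypt_block(self, block: bytes) -> bytes:
        l, r = block[:8], block[8:]
        for i in reversed(range(4)):  # undo the rounds in reverse order
            l, r = xor_bytes(r, self._round(i, l)), l
        return l + r


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    """Raises ValueError on bad padding: this check is what a padding oracle exposes."""
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def cbc_encrypt(cipher: ToyBlockCipher, iv: bytes, padded: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = cipher.encrypt_block(xor_bytes(padded[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(cipher: ToyBlockCipher, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out += xor_bytes(cipher.decrypt_block(blk), prev)
        prev = blk
    return out


class CookieEmulator:
    """Issues the encrypted session cookie the proposal describes and classifies it on
    the way back. Cookie layout (assumed here): hex(IV || CBC ciphertext)."""

    def __init__(self, key: bytes = None):
        self.cipher = ToyBlockCipher(key or secrets.token_bytes(16))
        self.events = []  # detection log: (event_name, cookie_as_received)

    def issue_cookie(self, username: str, user_id: int, role: str = "normal_user") -> str:
        payload = json.dumps({"user": username, "id": user_id, "role": role}).encode()
        iv = secrets.token_bytes(BLOCK)
        return (iv + cbc_encrypt(self.cipher, iv, pkcs7_pad(payload))).hex()

    def classify_cookie(self, cookie_hex: str) -> str:
        """'valid', 'malformed', 'invalid_padding' (padding-oracle probe) or 'tampered'."""
        try:
            raw = bytes.fromhex(cookie_hex)
        except ValueError:
            return "malformed"
        if len(raw) < 2 * BLOCK or len(raw) % BLOCK:
            return "malformed"
        iv, ct = raw[:BLOCK], raw[BLOCK:]
        try:
            plaintext = pkcs7_unpad(cbc_decrypt(self.cipher, iv, ct))
        except ValueError:
            self.events.append(("padding_oracle_probe", cookie_hex))
            return "invalid_padding"
        try:
            json.loads(plaintext.decode())  # well padded, but is the content still ours?
        except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
            self.events.append(("tampered_cookie", cookie_hex))
            return "tampered"
        return "valid"


class AuthenticatedCookie:
    """What a real application should use instead: encrypt-then-MAC. The tag is checked
    in constant time before decryption, so every bad cookie gets the same answer."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.cipher, self.mac_key = ToyBlockCipher(enc_key), mac_key

    def issue(self, payload: dict) -> str:
        iv = secrets.token_bytes(BLOCK)
        body = iv + cbc_encrypt(self.cipher, iv, pkcs7_pad(json.dumps(payload).encode()))
        return (body + hmac.new(self.mac_key, body, hashlib.sha256).digest()).hex()

    def open(self, cookie_hex: str):
        try:
            raw = bytes.fromhex(cookie_hex)
        except ValueError:
            return None
        body, tag = raw[:-32], raw[-32:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if len(body) < 2 * BLOCK or len(body) % BLOCK or not hmac.compare_digest(expected, tag):
            return None  # uniform rejection; no padding information leaves the server
        return json.loads(pkcs7_unpad(cbc_decrypt(self.cipher, body[:BLOCK], body[BLOCK:])).decode())
```

The emulator keeps three outcomes apart on purpose: a cookie that fails padding is the probe pattern worth logging, while one that decrypts cleanly but no longer parses tells you the attacker found a flip that slipped past the padding check. The `AuthenticatedCookie` class is the contrast case: with the MAC verified first, both of those cases collapse into a single `None`, which is why an application (as opposed to a honeypot) should never distinguish them.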

I agree that we should set some encrypted cookie. But don't we need some login options for that? We can't set such a cookie as username till the person logs in. So we should emulate login (but how to log in without having an account?). Moreover, so many possible sites can be cloned. Some of them have a login page, but others don't. We should think about all possible variants and choose the best. To be honest, right now I have no idea how to implement this emulator.

afeena avatar Jun 17 '17 18:06 afeena

I've put some thought into it, and I think we can make it more general. Our final aim is to make an emulator that attracts attackers, so we could set a cookie that stores normal_user and admin + we could store ip or something. So the attacker will try to change the cookie to admin. I'm searching for websites that keep an encrypted cookie even though there is no login, scenarios where there is a polling system, each person gets to vote once, ideas like that.

rnehra01 avatar Jun 17 '17 18:06 rnehra01

@afeena If you think we should give it some more time, then we can put it on hold and implement it at last. And we can make it open for discussion so that we can get more ideas.

rnehra01 avatar Jun 17 '17 19:06 rnehra01

@rnehra01 Yeah, we can start working on other tasks till we understand how to implement this task best :)

afeena avatar Jun 18 '17 20:06 afeena

@glaslos What do you think about this? I have some doubts that we need such functionality.

afeena avatar Mar 20 '20 18:03 afeena