PadBuster
PadBuster is a Perl script for automating Padding Oracle Attacks. It enables decryption of arbitrary ciphertext, encryption of arbitrary plaintext, and vulnerability detection through automated response analysis.
Description
PadBuster is designed to exploit Padding Oracle vulnerabilities in web applications. These vulnerabilities occur when a server reveals, through its responses, whether the padding of submitted encrypted data is valid, allowing attackers to decrypt data block by block. The tool automates this process, making it efficient for security testing.
Use cases include testing web applications that use block ciphers like AES or DES with improper padding validation. Testers provide an encrypted sample from the target, and PadBuster systematically modifies it to reveal plaintext. It supports various encoding formats and handles authentication, cookies, and custom ciphertexts.
The tool is particularly valuable for penetration testing teams assessing cryptographic implementations in web services. By automating the labor-intensive oracle attack process, it helps identify critical flaws that could lead to sensitive data exposure.
How It Works
PadBuster performs Padding Oracle Attacks by exploiting servers that leak padding validity information. It uses the provided EncryptedSample and systematically alters blocks according to PKCS#5/PKCS#7 padding rules. For each byte position, it tries all possible values while maintaining valid padding in subsequent bytes, observing server responses to deduce correct plaintext bytes. The process repeats across blocks, using techniques like byte-at-a-time decryption and intermediate ciphertext manipulation. It supports multiple encodings (Base64, Hex, UrlToken, WebSafe Base64) and integrates with HTTP requests, including authentication and cookies.
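The byte-by-byte probing described above leaves a recognisable trace in server logs: one client sends many tokens that keep the same final block while the bytes before it change, and almost all of them are answered with an error. The following detection sketch is an added example, not part of PadBuster or of the original page. The log line format, the hex token encoding, the status codes and the MIN_VARIANTS threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

BLOCK = 16         # cipher block size in bytes (assumed: AES)
MIN_VARIANTS = 64  # hypothetical alert threshold, tune to your traffic

def parse(line):
    """Split an assumed log format: '<client> <path> <hex token> <status>'."""
    client, path, token, status = line.split()
    return client, path, bytes.fromhex(token), int(status)

def find_oracle_probing(lines, block=BLOCK, min_variants=MIN_VARIANTS):
    """Return {(client, path): (variants, error_ratio)} for suspected probing.

    Signature: many distinct tokens that share one final block while the
    preceding bytes vary, with nearly every request ending in an error.
    """
    seen = defaultdict(lambda: defaultdict(set))  # key -> final block -> prefixes
    errors, total = defaultdict(int), defaultdict(int)
    for line in lines:
        client, path, raw, status = parse(line)
        if len(raw) < 2 * block or len(raw) % block:
            continue  # not a whole number of blocks, or no preceding block
        key = (client, path)
        seen[key][raw[-block:]].add(raw[:-block])
        total[key] += 1
        errors[key] += status >= 400
    alerts = {}
    for key, by_block in seen.items():
        variants = max(len(prefixes) for prefixes in by_block.values())
        ratio = errors[key] / total[key]
        if variants >= min_variants and ratio >= 0.9:
            alerts[key] = (variants, round(ratio, 3))
    return alerts

def constructed_log():
    """Constructed sample: one ordinary client, one cycling a single byte."""
    final_block = bytes(range(16, 32)).hex()
    lines = [f"198.51.100.5 /page {bytes([i] * 16).hex()}{bytes([i + 1] * 16).hex()} 200"
             for i in range(3)]
    for guess in range(256):
        prefix = bytes(15) + bytes([guess])       # only the last byte changes
        status = 200 if guess == 0x5A else 500    # one guess passes the padding check
        lines.append(f"198.51.100.9 /page {prefix.hex()}{final_block} {status}")
    return lines

if __name__ == "__main__":
    print(find_oracle_probing(constructed_log()))
```

Detection like this only flags the probing; the underlying fix is to authenticate the ciphertext before decrypting it and to return one indistinguishable error for every invalid token.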
Installation
sudo apt install padbuster
Flags
Examples
padbuster -h
padbuster http://target.com/page?token=ABC123DEF456 ABC123DEF456 16
padbuster http://target.com/page?token=ABC123DEF456 ABC123DEF456 16 -encoding 1
padbuster http://target.com/page?token=ABC123DEF456 ABC123DEF456 16 -auth user:pass
padbuster http://target.com/page?token=ABC123DEF456 ABC123DEF456 16 -cookies session=abc123
padbuster http://target.com/page?token=ABC123DEF456 ABC123DEF456 16 -bruteforce
padbuster http://target.com/page?token=ABC123DEF456 ABC123DEF456 16 -encoding 3 -encodedtext SGVsbG8=