Skip to content
/ Delphi Public

A Python library for CBC padding oracle attacks, including both encryption and decryption exploits.

www.brunorochamoura.com/posts/cbc-padding-oracle/

License

AGPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BrunoRochaDev/Delphi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
delphi.py
delphi.py
 
 
example.py
example.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

🏛️ Delphi 🔮

Made by BRM.


Delphi is a Python library for conducting CBC padding oracle attacks—a cryptographic technique that exploits padding validation to decrypt ciphertexts or forge new ones.

This library simplifies padding oracle attacks by providing versatile functions for encryption and decryption that can be seamlessly integrated into your custom PoC scripts targeting specific systems.

Features

  • Decryption Attacks: Recover plaintext from encrypted messages.
  • Encryption Attacks: Forge ciphertexts to produce any desired plaintext.
  • Flexible IV Control: Supports both scenarios where the Initialization Vector is controllable and where it isn’t.
  • Seamless Integration: Easily incorporate into PoC scripts tailored to your target.

How To Use

Integrating Delphi into your PoC script is straightforward.

First, clone the repository to your local machine and install the dependencies:

git clone https://github.com/BrunoRochaDev/Delphi.git
cd Delphi
pip install -r requirements.txt

Next, create your own Python script within this directory. To use Delphi, follow these steps:

  1. Import the encrypt and/or decrypt functions from Delphi as needed.
  2. Implement your own function that communicates with the padding oracle and returns True if the oracle indicates the padding is valid, or False otherwise.
  3. Call the encrypt and/or decrypt functions from Delphi, supplying the necessary arguments.

The example.py file is included to illustrate how Delphi's functions, defined in delphi.py, can be utilized in a practical PoC.

How It Works

For an in-depth explanation of padding oracle attacks, check out my blog post: How To Exploit Padding Oracles.

This post delves into the cryptographic concepts behind the attack, showcases a hypothetical web application vulnerable to it, and demonstrates a PoC leveraging Delphi to exploit the vulnerability.

Disclaimer

Delphi is intended for educational and research purposes only.

Use this library responsibly. Unauthorized usage against systems without explicit permission may breach laws and ethical standards. The author assumes no responsibility for misuse.

License

This project is distributed under the AGPLv3 License. See the LICENSE file for details.

About

A Python library for CBC padding oracle attacks, including both encryption and decryption exploits.

www.brunorochamoura.com/posts/cbc-padding-oracle/

Topics

cryptography cybersecurity pentesting cbc-mode padding-oracle-attack

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Languages