def c13():
    """Run the fixed-offset ECB cut-and-paste exercise against ``Profile``.

    Two profiles are encrypted with ``Profile.encrypt``. The first two
    16-byte ciphertext blocks of one are joined to the second block of the
    other, and the spliced ciphertext is decrypted, parsed and printed.

    The splice decrypts cleanly because nothing in this flow authenticates
    the ciphertext: ECB processes each block independently, so blocks from
    different messages can be recombined. A service that keeps a role in a
    client-held token needs authenticated encryption (or a MAC verified
    before parsing) for such a recombination to be rejected.
    """
    block = 16  # slice unit for the splice below

    # Left over from exercising the parser; neither value feeds the splice.
    kv_sample = "foo=bar&baz=qux&zap=zazzle"
    # NOTE(review): the address literals look masked in this copy. The fixed
    # slice offsets below only line up for an address of the right length,
    # so confirm the literals against the original exercise.
    Profile.profile_for("*****@*****.**")

    # Profile whose first two blocks are meant to end with "role=".
    legit_ciphertext = Profile.encrypt(
        Profile.profile_for("*****@*****.**").encode()
    )

    # Profile whose second block is meant to start with "admin".
    fake_ciphertext = Profile.encrypt(
        Profile.profile_for("A" * 10 + "admin").encode()
    )

    # Join the leading blocks of the first ciphertext to one block of the second.
    head = legit_ciphertext[:2 * block]
    tail = fake_ciphertext[block:2 * block]

    # A single parenthesised value prints identically under the Python 2
    # print statement used elsewhere in this file.
    print(Profile.parse(Profile.decrypt(head + tail)))
def c13_enhanced():
    """Repeat the c13 splice over every padding length below one block.

    ``i`` is the number of leading "a" characters in the legitimate address
    and is varied so that, for some value, "role=" lands at the end of a
    block. ``j`` is the number of leading "A" characters in the fake address
    and is varied so that, for some value, "admin" lands at the start of a
    block. The positions of those keywords in the encoded profile are
    treated as unknown, so all ``bsize * bsize`` pairs are tried.

    The slice offsets stay fixed (first two blocks of the legitimate
    ciphertext, second block of the fake one); only the padding changes.
    The parsed result is printed for every pair, together with ``i`` and
    ``j``, not just for the pair that aligns.

    The splice works only because the ciphertext is not authenticated: ECB
    encrypts blocks independently, so a receiver cannot tell recombined
    blocks from an original message. Verifying a MAC (or using an AEAD
    mode) before parsing is what rejects this.
    """
    # Left over from exercising the parser; neither value feeds the search.
    kv_sample = "foo=bar&baz=qux&zap=zazzle"
    # NOTE(review): this literal looks masked in this copy; it is not used
    # by the search below.
    Profile.profile_for("*****@*****.**")

    bsize = 16
    two_blocks = 2 * bsize

    for i in range(bsize):
        # Candidate padding to push "role=" to the end of a block.
        legit_profile = Profile.profile_for("a" * i + "@bar.com")
        legit_ciphertext = Profile.encrypt(legit_profile.encode())

        for j in range(bsize):
            # Candidate padding to place "admin" at the start of a block.
            fake_profile = Profile.profile_for("A" * j + "admin")
            fake_ciphertext = Profile.encrypt(fake_profile.encode())

            # Same cut-and-paste as c13, with the offsets named.
            spliced = (
                legit_ciphertext[:two_blocks]
                + fake_ciphertext[bsize:two_blocks]
            )
            new_profile = Profile.parse(Profile.decrypt(spliced))

            # Python 2 print statement, kept as-is so the output is unchanged.
            print new_profile, i, j, "\n"