Changeset 79
- Timestamp:
- 06/09/15 10:59:12 (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/bin/bletchley-http2py
r73 r79 14 14 insists on using gzip/deflate encoding, insists on using chunked encoding, 15 15 or any number of other annoying things, then using an HTTP library is a 16 lot more convenient. This script attempts to make that conversion easy. 16 lot more convenient. This script attempts to make the conversion from a 17 raw HTTP request to HTTP library calls easy. 17 18 18 19 19 20 Copyright (C) 2011-2013 Virtual Security Research, LLC 21 Copyright (C) 2014-2015 Blindspot Security LLC 20 22 Author: Timothy D. Morgan 21 23 … … 32 34 along with this program. If not, see <http://www.gnu.org/licenses/>. 33 35 ''' 34 35 36 36 37 import sys … … 113 114 114 115 116 print('''#!/usr/bin/env python3 117 # This script was generated by bletchley-http2py 118 # See the "TODO" comments below for places to edit your request as needed for your situation. 119 120 import sys 121 from bletchley import blobtools,buffertools 122 from bletchley import chosenct 123 from bletchley.CBC import * 124 125 # TODO: ensure the host, port, and SSL settings are correct. 126 host = %s 127 port = %s 128 protocol = %s 129 130 def decode(token): 131 # TODO: Perhaps you needs something like this? 132 # (See 'bletchley-decode -e ?' for a list of encodings) 133 # return blobtools.decodeAll(['percent/mixed','base64/rfc3548'], data) 134 return token 135 136 137 def encode(binary): 138 # TODO: Perhaps you needs something like this? 139 # return blobtools.encodeAll(['base64/rfc3548', 'percent/mixed'], data) 140 return binary 141 ''' % (repr(host),repr(port),repr(protocol))) 142 115 143 if args.requests: 116 print('''#!/usr/bin/env python3 117 118 import sys 144 print(''' 119 145 try: 120 146 import requests … … 123 149 sys.stderr.write(' Under Debian, the package name is "python3-requests"\\n.') 124 150 sys.exit(1) 125 126 # from bletchley import blobtools,buffertools 127 # from bletchley import chosenct 128 # from bletchley.CBC import * 129 130 131 # TODO: ensure the host, port, and SSL settings are correct. 132 host = %s 133 port = %s 134 protocol = %s 135 ''' % (repr(host),repr(port),repr(protocol))) 151 ''') 136 152 137 153 headers = dict(headers) … … 144 160 print(''' 145 161 session = requests.Session() 146 # TODO: use "data" to supply any parameters to be included in the request147 162 def sendRequest(session, data=None): 163 data = data.decode('utf-8') 164 # TODO: use "data" below, wherever your token normally appears 148 165 method = %s 149 166 path = %s … … 157 174 print(''' 158 175 159 def fetch(data ):176 def fetch(data, other=None): 160 177 global session 161 178 ret_val = None 179 response = sendRequest(session, encode(data)) 162 180 163 181 # TODO: customize code here to retrieve what you need from the response(s) 164 182 # For information on the response object's interface, see: 165 183 # http://docs.python-requests.org/en/latest/api/#requests.Response 166 response = sendRequest(session, data) 184 185 # These are useful for debugging, but once your response processing is working, 186 # remove them so it isn't so verbose. 167 187 print(response.headers) 168 188 print(repr(response.content)) 169 189 170 190 return ret_val 171 172 data = ''173 fetch(data)174 191 ''') 175 192 … … 177 194 178 195 else: 179 print('''#!/usr/bin/env python3 180 181 import sys 196 print(''' 182 197 import http.client as httpc 183 # from bletchley import blobtools,buffertools 184 # from bletchley.CBC import * 185 186 187 # TODO: ensure the host, port, and SSL settings are correct. 188 host = %s 189 port = %s 190 use_ssl = %s 191 ''' % (repr(host),repr(port),repr(use_ssl))) 192 193 print(''' 194 # TODO: use "data" to supply any parameters to be included in the request 198 195 199 def sendRequest(connection, data=None): 200 data = data.decode('utf-8') 201 # TODO: use "data" below, wherever your token normally appears 196 202 method = %s 197 203 path = %s … … 227 233 ret_val = False 228 234 connection = newConnection() 235 response = sendRequest(connection, encode(data)) 229 236 230 237 # TODO: customize code here to retrieve what you need from the response(s) 231 238 # For information on the response object's interface, see: 232 239 # http://docs.python.org/library/httplib.html#httpresponse-objects 233 response = sendRequest(connection, data) 240 241 # These are useful for debugging, but once your response processing is working, 242 # remove them so it isn't so verbose. 234 243 print(response.getheaders()) 235 244 print(repr(response.read())) … … 237 246 connection.close() 238 247 return ret_val 239 240 data = '' 241 fetch(data) 242 ''') 248 ''') 249 243 250 244 251 print(''' 252 token = b'TODO: paste your encoded ciphertext here' 253 ciphertext = decode(token) 254 255 # TODO: Use this to verify you get the response you expect. 256 # Once everything is working, use the commented code below to conduct specific attacks. 257 fetch(ciphertext) 258 245 259 246 260 # Padding Oracle Attacks 247 # ciphertext = blobtools.decode('{ encoding }', data)248 261 # poa = POA(fetch, {block size}, ciphertext, threads=1, log_file=sys.stderr) 249 262 # print(poa.probe_padding()) # sanity check 250 263 # print(poa.decrypt()) 251 264 265 252 266 # Byte-by-byte probing of ciphertext 253 # ciphertext = blobtools.decode('{ encoding }', data) 267 # Maybe start with this as a fast but gentle probe: 268 # result = chosenct.probe_bytes(fetch, ciphertext, [1,128], max_threads=2) 269 # This is more in-depth (every bit of each byte) and more threads 254 270 # result = chosenct.probe_bytes(fetch, ciphertext, [1,2,4,8,16,32,64,128], max_threads=5) 271 # Yet more intensive (every byte value against every byte): 272 # result = chosenct.probe_bytes(fetch, ciphertext, list(range(1,256)), max_threads=8) 273 # 255 274 # print(result.toHTML()) 256 275 ''')
Note: See TracChangeset
for help on using the changeset viewer.