Changeset 79


Ignore:
Timestamp:
06/09/15 10:59:12 (10 years ago)
Author:
tim
Message:

.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bin/bletchley-http2py

    r73 r79  
    1414insists on using gzip/deflate encoding, insists on using chunked encoding,
    1515or any number of other annoying things, then using an HTTP library is a
    16 lot more convenient.  This script attempts to make that conversion easy.
     16lot more convenient.  This script attempts to make the conversion from a
     17raw HTTP request to HTTP library calls easy.
    1718
    1819
    1920Copyright (C) 2011-2013 Virtual Security Research, LLC
     21Copyright (C) 2014-2015 Blindspot Security LLC
    2022Author: Timothy D. Morgan
    2123
     
    3234 along with this program.  If not, see <http://www.gnu.org/licenses/>.
    3335'''
    34 
    3536
    3637import sys
     
    113114
    114115
     116print('''#!/usr/bin/env python3
     117# This script was generated by bletchley-http2py
     118# See the "TODO" comments below for places to edit your request as needed for your situation.
     119
     120import sys
     121from bletchley import blobtools,buffertools
     122from bletchley import chosenct
     123from bletchley.CBC import *
     124
     125# TODO: ensure the host, port, and SSL settings are correct.
     126host = %s
     127port = %s
     128protocol = %s
     129
     130def decode(token):
     131    # TODO: Perhaps you needs something like this?
     132    #       (See 'bletchley-decode -e ?' for a list of encodings)
     133    # return blobtools.decodeAll(['percent/mixed','base64/rfc3548'], data)
     134    return token
     135
     136
     137def encode(binary):
     138    # TODO: Perhaps you needs something like this?
     139    # return blobtools.encodeAll(['base64/rfc3548', 'percent/mixed'], data)
     140    return binary
     141''' % (repr(host),repr(port),repr(protocol)))
     142
    115143if args.requests:
    116     print('''#!/usr/bin/env python3
    117 
    118 import sys
     144    print('''
    119145try:
    120146    import requests
     
    123149    sys.stderr.write('       Under Debian, the package name is "python3-requests"\\n.')
    124150    sys.exit(1)
    125 
    126 # from bletchley import blobtools,buffertools
    127 # from bletchley import chosenct
    128 # from bletchley.CBC import *
    129 
    130 
    131 # TODO: ensure the host, port, and SSL settings are correct.
    132 host = %s
    133 port = %s
    134 protocol = %s
    135 ''' % (repr(host),repr(port),repr(protocol)))
     151''')
    136152
    137153    headers = dict(headers)
     
    144160    print('''
    145161session = requests.Session()
    146 # TODO: use "data" to supply any parameters to be included in the request
    147162def sendRequest(session, data=None):
     163    data = data.decode('utf-8')
     164    # TODO: use "data" below, wherever your token normally appears
    148165    method = %s
    149166    path = %s
     
    157174    print('''   
    158175
    159 def fetch(data):
     176def fetch(data, other=None):
    160177    global session
    161178    ret_val = None
     179    response = sendRequest(session, encode(data))
    162180
    163181    # TODO: customize code here to retrieve what you need from the response(s)
    164182    # For information on the response object's interface, see:
    165183    #   http://docs.python-requests.org/en/latest/api/#requests.Response
    166     response = sendRequest(session, data)
     184
     185    # These are useful for debugging, but once your response processing is working,
     186    # remove them so it isn't so verbose.
    167187    print(response.headers)
    168188    print(repr(response.content))
    169189
    170190    return ret_val
    171 
    172 data = ''
    173 fetch(data)
    174191''')
    175192
     
    177194
    178195else:
    179     print('''#!/usr/bin/env python3
    180 
    181 import sys
     196    print('''
    182197import http.client as httpc
    183 # from bletchley import blobtools,buffertools
    184 # from bletchley.CBC import *
    185 
    186 
    187 # TODO: ensure the host, port, and SSL settings are correct.
    188 host = %s
    189 port = %s
    190 use_ssl = %s
    191 ''' % (repr(host),repr(port),repr(use_ssl)))
    192 
    193     print('''
    194 # TODO: use "data" to supply any parameters to be included in the request
     198
    195199def sendRequest(connection, data=None):
     200    data = data.decode('utf-8')
     201    # TODO: use "data" below, wherever your token normally appears
    196202    method = %s
    197203    path = %s
     
    227233    ret_val = False
    228234    connection = newConnection()
     235    response = sendRequest(connection, encode(data))
    229236
    230237    # TODO: customize code here to retrieve what you need from the response(s)
    231238    # For information on the response object's interface, see:
    232239    #   http://docs.python.org/library/httplib.html#httpresponse-objects
    233     response = sendRequest(connection, data)
     240
     241    # These are useful for debugging, but once your response processing is working,
     242    # remove them so it isn't so verbose.
    234243    print(response.getheaders())
    235244    print(repr(response.read()))
     
    237246    connection.close()
    238247    return ret_val
    239 
    240 data = ''
    241 fetch(data)
    242 ''')
     248''')
     249
    243250
    244251print('''
     252token = b'TODO: paste your encoded ciphertext here'
     253ciphertext = decode(token)
     254
     255# TODO: Use this to verify you get the response you expect. 
     256#       Once everything is working, use the commented code below to conduct specific attacks.
     257fetch(ciphertext)
     258
    245259
    246260# Padding Oracle Attacks
    247 # ciphertext = blobtools.decode('{ encoding }', data)
    248261# poa = POA(fetch, {block size}, ciphertext, threads=1, log_file=sys.stderr)
    249262# print(poa.probe_padding()) # sanity check
    250263# print(poa.decrypt())
    251264
     265
    252266# Byte-by-byte probing of ciphertext
    253 # ciphertext = blobtools.decode('{ encoding }', data)
     267#   Maybe start with this as a fast but gentle probe:
     268# result = chosenct.probe_bytes(fetch, ciphertext, [1,128], max_threads=2)
     269#   This is more in-depth (every bit of each byte) and more threads
    254270# result = chosenct.probe_bytes(fetch, ciphertext, [1,2,4,8,16,32,64,128], max_threads=5)
     271#   Yet more intensive (every byte value against every byte):
     272# result = chosenct.probe_bytes(fetch, ciphertext, list(range(1,256)), max_threads=8)
     273#
    255274# print(result.toHTML())
    256275''')
Note: See TracChangeset for help on using the changeset viewer.