Changeset 79

Timestamp:

06/09/15 10:59:12 (9 years ago)

Author:

tim

Message:

.

File:

• trunk/bin/bletchley-http2py (modified) (9 diffs)

trunk/bin/bletchley-http2py

@@ -14 +14 @@
 insists on using gzip/deflate encoding, insists on using chunked encoding,
 or any number of other annoying things, then using an HTTP library is a 
-lot more convenient.  This script attempts to make that conversion easy.
+lot more convenient.  This script attempts to make the conversion from a
+raw HTTP request to HTTP library calls easy.
 
 
 Copyright (C) 2011-2013 Virtual Security Research, LLC
+Copyright (C) 2014-2015 Blindspot Security LLC
 Author: Timothy D. Morgan
 
@@ -32 +34 @@
  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 '''
-
 
 import sys
@@ -113 +114 @@
 
 
+print('''#!/usr/bin/env python3
+# This script was generated by bletchley-http2py
+# See the "TODO" comments below for places to edit your request as needed for your situation.
+
+import sys
+from bletchley import blobtools,buffertools
+from bletchley import chosenct
+from bletchley.CBC import *
+
+# TODO: ensure the host, port, and SSL settings are correct.
+host = %s
+port = %s
+protocol = %s
+
+def decode(token):
+    # TODO: Perhaps you needs something like this?
+    #       (See 'bletchley-decode -e ?' for a list of encodings)
+    # return blobtools.decodeAll(['percent/mixed','base64/rfc3548'], data)
+    return token
+
+
+def encode(binary):
+    # TODO: Perhaps you needs something like this?
+    # return blobtools.encodeAll(['base64/rfc3548', 'percent/mixed'], data)
+    return binary
+''' % (repr(host),repr(port),repr(protocol)))
+
 if args.requests:
-    print('''#!/usr/bin/env python3
-
-import sys
+    print('''
 try:
     import requests
@@ -123 +149 @@
     sys.stderr.write('       Under Debian, the package name is "python3-requests"\\n.')
     sys.exit(1)
-
-# from bletchley import blobtools,buffertools
-# from bletchley import chosenct
-# from bletchley.CBC import *
-
-
-# TODO: ensure the host, port, and SSL settings are correct.
-host = %s
-port = %s
-protocol = %s
-''' % (repr(host),repr(port),repr(protocol)))
+''')
 
     headers = dict(headers)
@@ -144 +160 @@
     print('''
 session = requests.Session()
-# TODO: use "data" to supply any parameters to be included in the request
 def sendRequest(session, data=None):
+    data = data.decode('utf-8')
+    # TODO: use "data" below, wherever your token normally appears
     method = %s
     path = %s
@@ -157 +174 @@
     print('''    
 
-def fetch(data):
+def fetch(data, other=None):
     global session
     ret_val = None
+    response = sendRequest(session, encode(data))
 
     # TODO: customize code here to retrieve what you need from the response(s)
     # For information on the response object's interface, see:
     #   http://docs.python-requests.org/en/latest/api/#requests.Response
-    response = sendRequest(session, data)
+
+    # These are useful for debugging, but once your response processing is working,
+    # remove them so it isn't so verbose.
     print(response.headers)
     print(repr(response.content))
 
     return ret_val
-
-data = ''
-fetch(data)
 ''')
 
@@ -177 +194 @@
 
 else:
-    print('''#!/usr/bin/env python3
-
-import sys
+    print('''
 import http.client as httpc
-# from bletchley import blobtools,buffertools
-# from bletchley.CBC import *
-
-
-# TODO: ensure the host, port, and SSL settings are correct.
-host = %s
-port = %s
-use_ssl = %s
-''' % (repr(host),repr(port),repr(use_ssl)))
-
-    print('''
-# TODO: use "data" to supply any parameters to be included in the request
+
 def sendRequest(connection, data=None):
+    data = data.decode('utf-8')
+    # TODO: use "data" below, wherever your token normally appears
     method = %s
     path = %s
@@ -227 +233 @@
     ret_val = False
     connection = newConnection()
+    response = sendRequest(connection, encode(data))
 
     # TODO: customize code here to retrieve what you need from the response(s)
     # For information on the response object's interface, see:
     #   http://docs.python.org/library/httplib.html#httpresponse-objects
-    response = sendRequest(connection, data)
+
+    # These are useful for debugging, but once your response processing is working,
+    # remove them so it isn't so verbose.
     print(response.getheaders())
     print(repr(response.read()))
@@ -237 +246 @@
     connection.close()
     return ret_val
-
-data = ''
-fetch(data)
-''')
+''')
+
 
 print('''
+token = b'TODO: paste your encoded ciphertext here'
+ciphertext = decode(token)
+
+# TODO: Use this to verify you get the response you expect.  
+#       Once everything is working, use the commented code below to conduct specific attacks.
+fetch(ciphertext)
+
 
 # Padding Oracle Attacks 
-# ciphertext = blobtools.decode('{ encoding }', data)
 # poa = POA(fetch, {block size}, ciphertext, threads=1, log_file=sys.stderr)
 # print(poa.probe_padding()) # sanity check
 # print(poa.decrypt())
 
+
 # Byte-by-byte probing of ciphertext
-# ciphertext = blobtools.decode('{ encoding }', data)
+#   Maybe start with this as a fast but gentle probe:
+# result = chosenct.probe_bytes(fetch, ciphertext, [1,128], max_threads=2)
+#   This is more in-depth (every bit of each byte) and more threads
 # result = chosenct.probe_bytes(fetch, ciphertext, [1,2,4,8,16,32,64,128], max_threads=5)
+#   Yet more intensive (every byte value against every byte):
+# result = chosenct.probe_bytes(fetch, ciphertext, list(range(1,256)), max_threads=8)
+# 
 # print(result.toHTML())
 ''')