forked from AonCyberLabs/PadBuster
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathREADME
20 lines (15 loc) · 1.04 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
PadBuster - Automated script for performing Padding Oracle attacks
Author: Brian Holyfield - Gotham Digital Science (labs@gdssecurity.com)
Credits to J.Rizzo and T.Duong for providing proof of concept web exploit
techniques and S.Vaudenay for initial discovery of the attack. Credits also
to James M. Martin (research@esptl.com) for sharing proof of concept exploit
code for performing various brute force attack techniques. Credits for variuos
improvements to GW (gw.2011@tnode.com or http://gw.tnode.com/) - Viris.
PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster
provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext,
and perform automated response analysis to determine whether a request is vulnerable
to padding oracle attacks.
autoBuster.sh is a script for automatic resource path encoding, bruteforcing and
file downloading by GW (gw.2011@tnode.com or http://gw.tnode.com/) - Viris.
PadBuster is released under the Reciprocal Public License 1.5 (RPL1.5)
http://www.opensource.org/licenses/rpl1.5