Skip to content

Latest commit

 

History

History
52 lines (33 loc) · 2.55 KB

README.md

File metadata and controls

52 lines (33 loc) · 2.55 KB

🏛️ Delphi 🔮

Made by BRM.


Delphi is a Python library for conducting CBC padding oracle attacks—a cryptographic technique that exploits padding validation to decrypt ciphertexts or forge new ones.

This library simplifies padding oracle attacks by providing versatile functions for encryption and decryption that can be seamlessly integrated into your custom PoC scripts targeting specific systems.

Features

  • Decryption Attacks: Recover plaintext from encrypted messages.
  • Encryption Attacks: Forge ciphertexts to produce any desired plaintext.
  • Flexible IV Control: Supports both scenarios where the Initialization Vector is controllable and where it isn’t.
  • Seamless Integration: Easily incorporate into PoC scripts tailored to your target.

How To Use

Integrating Delphi into your PoC script is straightforward.

First, clone the repository to your local machine and install the dependencies:

git clone https://github.com/BrunoRochaDev/Delphi.git
cd Delphi
pip install -r requirements.txt

Next, create your own Python script within this directory. To use Delphi, follow these steps:

  1. Import the encrypt and/or decrypt functions from Delphi as needed.
  2. Implement your own function that communicates with the padding oracle and returns True if the oracle indicates the padding is valid, or False otherwise.
  3. Call the encrypt and/or decrypt functions from Delphi, supplying the necessary arguments.

The example.py file is included to illustrate how Delphi's functions, defined in delphi.py, can be utilized in a practical PoC.

How It Works

For an in-depth explanation of padding oracle attacks, check out my blog post: How To Exploit Padding Oracles.

This post delves into the cryptographic concepts behind the attack, showcases a hypothetical web application vulnerable to it, and demonstrates a PoC leveraging Delphi to exploit the vulnerability.

Disclaimer

Delphi is intended for educational and research purposes only.

Use this library responsibly. Unauthorized usage against systems without explicit permission may breach laws and ethical standards. The author assumes no responsibility for misuse.

License

This project is distributed under the AGPLv3 License. See the LICENSE file for details.