Arch linux |
Kali / Debian |
Others |
---|---|---|
yay -Syu rustpad |
See releases | cargo install rustpad |
rustpad
is a multi-threaded successor to the classic padbuster
, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key!
- Decryption of cypher texts
- Encryption of arbitrary plain text
- Multi-threading on both block and byte level
- Modern, real-time and interactive TUI!
- No-TTY support, so you can just pipe output to a file
- Supports Web server oracles...
- ... and Script-based oracles. For when you need just that extra bit of control.
- Automated calibration of web oracle's (in)correct padding response
- Progress bar and automated retries
- Tab auto-completion
- Block-level caching
- Smart detection of cypher text encoding, supporting:
hex
,base64
,base64url
- No IV support
- Written in purely safe Rust, making sure you don't encounter nasty crashes
Using rustpad
to attack a padding oracle is easy. It requires only 4 pieces of information to start:
- type of oracle (
web
/script
, see below) - target oracle (
--oracle
) - cypher text to decrypt (
--decrypt
) - block size (
--block-size
)
Web mode specifies that the oracle is located on the web. In other words, the oracle is a web server with a URL.
For a padding oracle attack to succeed, an oracle must say so if a cypher text with incorrect padding was provided. rustpad
will analyse the oracle's responses and automatically calibrate itself to the oracle's behaviour.
Script mode was made for power users or CTF players 🏴☠️ who were given a script to run. The target oracle is a local shell script.
Scripts allow you to run attacks against local oracles or more exotic services. Or you can use script mode to customise and extend rustpad
's features. However, if you're missing a feature, feel free to open an issue on GitHub!
rustpad
can generate tab auto-completion scripts for most popular shells:
rustpad setup <shell>
Consult your shell's documentation on what to do with the generated script.
- smarter URL parsing
- advanced calibration: response text should contain "x", time-based
- automated block size detection
- .NET URL token encoding?