import urllib2
import sys
TARGET = 'http://c...content-available-to-author-only...t.com/po?er='
#--------------------------------------------------------------
# padding oracle
#--------------------------------------------------------------
class PaddingOracle(object):
def query(self, q):
target = TARGET + urllib2.quote(q) # Create query URL
req = urllib2.Request(target) # Send HTTP request to server
try:
f = urllib2.urlopen(req) # Wait for response
print 'Success!!!'
except urllib2.HTTPError, e:
print "We got: %d" % e.code # Print response code
if e.code == 404:
return True # good padding
return False # bad padding
aW1wb3J0IHVybGxpYjIKaW1wb3J0IHN5cwoKVEFSR0VUID0gJ2h0dHA6Ly9jLi4uY29udGVudC1hdmFpbGFibGUtdG8tYXV0aG9yLW9ubHkuLi50LmNvbS9wbz9lcj0nCgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBwYWRkaW5nIG9yYWNsZQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KY2xhc3MgUGFkZGluZ09yYWNsZShvYmplY3QpOgogICAgZGVmIHF1ZXJ5KHNlbGYsIHEpOgogICAgICAgIHRhcmdldCA9IFRBUkdFVCArIHVybGxpYjIucXVvdGUocSkgICAgIyBDcmVhdGUgcXVlcnkgVVJMCiAgICAgICAgcmVxID0gdXJsbGliMi5SZXF1ZXN0KHRhcmdldCkgICAgICAgICAjIFNlbmQgSFRUUCByZXF1ZXN0IHRvIHNlcnZlcgogICAgICAgIHRyeToKICAgICAgICAgICAgZiA9IHVybGxpYjIudXJsb3BlbihyZXEpICAgICAgICAgICMgV2FpdCBmb3IgcmVzcG9uc2UKICAgICAgICAgICAgcHJpbnQgJ1N1Y2Nlc3MhISEnCiAgICAgICAgZXhjZXB0IHVybGxpYjIuSFRUUEVycm9yLCBlOgogICAgICAgICAgICBwcmludCAiV2UgZ290OiAlZCIgJSBlLmNvZGUgICAgICAgIyBQcmludCByZXNwb25zZSBjb2RlCiAgICAgICAgICAgIGlmIGUuY29kZSA9PSA0MDQ6CiAgICAgICAgICAgICAgICByZXR1cm4gVHJ1ZSAjIGdvb2QgcGFkZGluZwogICAgICAgICAgICByZXR1cm4gRmFsc2UgIyBiYWQgcGFkZGluZw==