Third laboratory for the Computer Network Security (CNS) course at Tor Vergata during scholar year 2023-2024.
In the laboratory we implemented the classical CBC padding oracle over padding scheme PKCS#7 that was introduced by Serge Vaudenay in his seminal paper “CBC Padding: Security Flaws in SSL, IPSEC, WTLS”. In order to understand how to implement the attack we have used a CTF-like challenge made up of a server TCP written in python.
Links to the material of the lecture:
Associated with this lecture there is also the new CTF challenge called Don’t Touch My Cookie present in the official CTF site at: https://ctf.leonardotamiano.xyz.
For any doubts feel free to contact me.
Thank you.