Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PaddingOracleAttacker runs endlessly(?) while producing thousand of warnings #113

Open
m10x opened this issue Jan 28, 2025 · 0 comments
Open

PaddingOracleAttacker runs endlessly(?) while producing thousand of warnings #113

m10x opened this issue Jan 28, 2025 · 0 comments

Comments

@m10x
Copy link
Contributor

m10x commented Jan 28, 2025

I have one target where the PaddingOracleAttacker is printing the same warnings over and over again (currently almost 4000times) since over 400 minutes.

INFO : Main - Performing Scan, this may take some time...
INFO : Reflections - Reflections took 507 ms to scan 10 urls, producing 314 keys and 2578 values
INFO : ThreadedScanJobExecutor - Common bugs probe executed
INFO : ThreadedScanJobExecutor - Server name indication (SNI) probe executed
INFO : ThreadedScanJobExecutor - Compression probe executed
INFO : ThreadedScanJobExecutor - Protocol version probe executed
INFO : ThreadedScanJobExecutor - Cipher suite order probe executed
INFO : ThreadedScanJobExecutor - Client certificate authentication support probe executed
INFO : ThreadedScanJobExecutor - Signature Hash Algorithm Order probe executed
INFO : ThreadedScanJobExecutor - Record fragmentation probe executed
INFO : ThreadedScanJobExecutor - Early CCS probe executed
INFO : ThreadedScanJobExecutor - Tokenbinding probe executed
INFO : ThreadedScanJobExecutor - HTTP header probe executed
INFO : ThreadedScanJobExecutor - Cipher suite probe executed
INFO : ThreadedScanJobExecutor - Extensions probe executed
INFO : ThreadedScanJobExecutor - Signature and hash algorithm probe executed
INFO : ThreadedScanJobExecutor - TLS Fallback SCSV probe executed
INFO : ThreadedScanJobExecutor - Hello retry probe executed
INFO : ThreadedScanJobExecutor - ESNI probe executed
INFO : ThreadedScanJobExecutor - Client certificate authentication support probe executed
INFO : ThreadedScanJobExecutor - Certificate probe executed
INFO : ThreadedScanJobExecutor - Direct RACCOON probe executed
INFO : ThreadedScanJobExecutor - EC point formats probe executed
INFO : ThreadedScanJobExecutor - Resumption probe executed
INFO : ThreadedScanJobExecutor - Renegotiation probe executed
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@29870437, vector=BasicMac-15-01{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00}, macModification=ByteArrayXorModification{xor=01, startPosition=15}, paddingModification=null}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@4af416af, vector=BasicMac-8-08{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00}, macModification=ByteArrayXorModification{xor=08, startPosition=8}, paddingModification=null}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@7e2a0752, vector=BasicMac-0-80{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00}, macModification=ByteArrayXorModification{xor=80, startPosition=0}, paddingModification=null}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@23a30f5d, vector=MissingMacByteFirst{cleanModification=ByteArrayExplicitValueModification{explicitValue=}, macModification=ByteArrayDeleteModificati
on{count=1, startPosition=0}, paddingModification=ByteArrayExplicitValueModification{explicitValue=
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@3efa00e1, vector=MissingMacByteLast{cleanModification=ByteArrayExplicitValueModification{explicitValue=}, macModification=ByteArrayDeleteModificatio
n{count=1, startPosition=15}, paddingModification=ByteArrayExplicitValueModification{explicitValue=
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@37ba756, vector=Plain XF (0xXF=#padding bytes){modification=ByteArrayExplicitValueModification{explicitValue=
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@6670fb0f, vector=Plain FF{modification=ByteArrayExplicitValueModification{explicitValue=
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
....SNIP.....
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@34fd6c0b, vector=InvPadInvMac-[3]-57-6{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00}, macModification=ByteArrayXorModification{xor=01, startPosition=0}, paddingModification=ByteArrayExplicitValueModification{explicitValue=06 06 06 0E 06 06 06}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@11935d6a, vector=InvPadInvMac-[last]-57-6{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00}, macModification=ByteArrayXorModification{xor=01, startPosition=0}, paddingModification=ByteArrayExplicitValueModification{explicitValue=06 06 06 06 06 06 07}}}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@m10x