Skip to content

PaddingOracleAttacker runs endlessly(?) while producing thousand of warnings #113

New issue
New issue
Open
#136
Open
PaddingOracleAttacker runs endlessly(?) while producing thousand of warnings#113
#136
Labels
bugenhancement
@m10x

Description

@m10x
m10x
opened on Jan 28, 2025

I have one target where the PaddingOracleAttacker is printing the same warnings over and over again (currently almost 4000times) since over 400 minutes.

INFO : Main - Performing Scan, this may take some time...
INFO : Reflections - Reflections took 507 ms to scan 10 urls, producing 314 keys and 2578 values
INFO : ThreadedScanJobExecutor - Common bugs probe executed
INFO : ThreadedScanJobExecutor - Server name indication (SNI) probe executed
INFO : ThreadedScanJobExecutor - Compression probe executed
INFO : ThreadedScanJobExecutor - Protocol version probe executed
INFO : ThreadedScanJobExecutor - Cipher suite order probe executed
INFO : ThreadedScanJobExecutor - Client certificate authentication support probe executed
INFO : ThreadedScanJobExecutor - Signature Hash Algorithm Order probe executed
INFO : ThreadedScanJobExecutor - Record fragmentation probe executed
INFO : ThreadedScanJobExecutor - Early CCS probe executed
INFO : ThreadedScanJobExecutor - Tokenbinding probe executed
INFO : ThreadedScanJobExecutor - HTTP header probe executed
INFO : ThreadedScanJobExecutor - Cipher suite probe executed
INFO : ThreadedScanJobExecutor - Extensions probe executed
INFO : ThreadedScanJobExecutor - Signature and hash algorithm probe executed
INFO : ThreadedScanJobExecutor - TLS Fallback SCSV probe executed
INFO : ThreadedScanJobExecutor - Hello retry probe executed
INFO : ThreadedScanJobExecutor - ESNI probe executed
INFO : ThreadedScanJobExecutor - Client certificate authentication support probe executed
INFO : ThreadedScanJobExecutor - Certificate probe executed
INFO : ThreadedScanJobExecutor - Direct RACCOON probe executed
INFO : ThreadedScanJobExecutor - EC point formats probe executed
INFO : ThreadedScanJobExecutor - Resumption probe executed
INFO : ThreadedScanJobExecutor - Renegotiation probe executed
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@29870437, vector=BasicMac-15-01{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00}, macModification=ByteArrayXorModification{xor=01, startPosition=15}, paddingModification=null}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@4af416af, vector=BasicMac-8-08{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00}, macModification=ByteArrayXorModification{xor=08, startPosition=8}, paddingModification=null}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@7e2a0752, vector=BasicMac-0-80{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00}, macModification=ByteArrayXorModification{xor=80, startPosition=0}, paddingModification=null}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@23a30f5d, vector=MissingMacByteFirst{cleanModification=ByteArrayExplicitValueModification{explicitValue=}, macModification=ByteArrayDeleteModificati
on{count=1, startPosition=0}, paddingModification=ByteArrayExplicitValueModification{explicitValue=
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@3efa00e1, vector=MissingMacByteLast{cleanModification=ByteArrayExplicitValueModification{explicitValue=}, macModification=ByteArrayDeleteModificatio
n{count=1, startPosition=15}, paddingModification=ByteArrayExplicitValueModification{explicitValue=
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40  40 40 40 40 40 40 40 40
40}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@37ba756, vector=Plain XF (0xXF=#padding bytes){modification=ByteArrayExplicitValueModification{explicitValue=
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F
4F 4F 4F 4F 4F 4F 4F 4F  4F 4F 4F 4F 4F 4F 4F 4F}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@6670fb0f, vector=Plain FF{modification=ByteArrayExplicitValueModification{explicitValue=
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
....SNIP.....
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@34fd6c0b, vector=InvPadInvMac-[3]-57-6{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00}, macModification=ByteArrayXorModification{xor=01, startPosition=0}, paddingModification=ByteArrayExplicitValueModification{explicitValue=06 06 06 0E 06 06 06}}}
WARN : PaddingOracleAttacker - Could not extract fingerprint for FingerprintTaskVectorPair{fingerPrintTask=de.rub.nds.tlsscanner.core.task.FingerPrintTask@11935d6a, vector=InvPadInvMac-[last]-57-6{cleanModification=ByteArrayExplicitValueModification{explicitValue=
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  00}, macModification=ByteArrayXorModification{xor=01, startPosition=0}, paddingModification=ByteArrayExplicitValueModification{explicitValue=06 06 06 06 06 06 07}}}

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugenhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions