Lens: Padding Oracle test module

The Padding Oracle tab of Lens provides tools to test whether a site is vulnerable to the Padding Oracle Attack.

How to use

  1. Enter a valid URL to the Target URL textbox. You can optionally click to Open to check the URL in your default browser.
  2. You can optionally specify a Timeout value, to control the wait time for the response.
  3. Click on the Send test requests button to send the generated test requests to the server. Please be patient, it will take a while and v. of Lens does not display a progress bar :(
  4. When the test completes, the details of the requests and the responses are displayed in the Output window. When all responses are received, Lens compares the HTTP error codes and the response content (that is usually an error page) for the generated requests. If they differ, than it is very likely that the site is vulnerable to the Padding Oracle Attack. If they match, than the site is probably safe from this type of attack.

NOTE: This test is ASP.NET specific and not 100% reliable.

Lens - Padding Oracle.png

Last edited Sep 20, 2010 at 7:08 AM by balassy, version 7


No comments yet.