Today I tested the .NET Framework Padding Oracle Attack scan. The tool is available at http://ethicalhackingaspnet.codeplex.com:
Test started, please be patient...
Request: http://www.eskynet.cn/
Response from: http://www.eskynet.cn/
Response length: 23033
Status Codes: 200 OK
Response time: 43 msec
Request to: http://www.eskynet.cn/NonExistingPageForLENSTEST.aspx
Response from: http://www.eskynet.cn/NonExistingPageForLENSTEST.aspx
Response length: 1526
Status code: 404 NotFound
Response time: 295 msec
Request to: http://www.eskynet.cn/ScriptResource.axd?d=LENSTEST&t=LENSTEST
Response from: http://www.eskynet.cn/ScriptResource.axd?d=LENSTEST&t=LENSTEST
Response length: 1513
Status code: 404 NotFound
Response time: 8 msec
Request to: http://www.eskynet.cn/WebResource.axd?d=LENSTEST&t=LENSTEST
Response from: http://www.eskynet.cn/WebResource.axd?d=LENSTEST&t=LENSTEST
Response length: 3026
Status code: 500 InternalServerError
Response time: 308 msec
The site is VULNERABLE to the Padding Oracle Attack (based on the HTTP response codes and content). Scroll up for the details.
Test completed.
The decision logic is as follows (note that the indices start from 0, so index 0 is the home page request and indices 1 to 3 are the three error probes):
if (this.statusCodes[1] == this.statusCodes[2] && this.statusCodes[2] == this.statusCodes[3]
    && this.contents[1] == this.contents[2] && this.contents[2] == this.contents[3])
{
    // All three error probes returned the same status code and the same content.
    this.writeOutput("The site is PROBABLY safe from the Padding Oracle attack (based on the HTTP response codes and content). Scroll up for the details.");
}
else
{
    // At least one probe is distinguishable from the others.
    this.writeOutput("The site is VULNERABLE to the Padding Oracle Attack (based on the HTTP response codes and content). Scroll up for the details.");
}
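The following is an added example, not code from the scanner or the original post: it replays the comparison above over constructed responses and reports which probe actually stands out. The two 404 responses in the log differ by 13 bytes, the same as the difference in their path lengths, which is consistent with the error page echoing the requested path. The `Probe` class, the path-masking step and the sample bodies are assumptions made for this sketch, as is treating `contents` as the response body.

```python
from dataclasses import dataclass

@dataclass
class Probe:
    path: str    # request path, query string excluded
    status: int
    body: str

def tool_verdict(probes):
    """Strict check as quoted above: probes 1..3 must match in status and content."""
    p = probes[1:4]
    same = all(a.status == b.status and a.body == b.body for a, b in zip(p, p[1:]))
    return "PROBABLY safe" if same else "VULNERABLE"

def normalized(probe):
    # Assumption: the error page echoes the requested path, so mask it before comparing.
    return probe.body.replace(probe.path, "{PATH}")

def differing_probes(probes):
    """Indices of probes 2 and 3 that differ from probe 1 after masking the path."""
    base = probes[1]
    return [i for i in (2, 3)
            if probes[i].status != base.status
            or normalized(probes[i]) != normalized(base)]

def not_found(path):
    # Constructed 404 body that echoes the path, like many default error pages.
    return Probe(path, 404, f"<h1>404</h1><p>{path} was not found.</p>")

PATHS = ["/NonExistingPageForLENSTEST.aspx", "/ScriptResource.axd", "/WebResource.axd"]
HOME = Probe("/", 200, "<h1>home</h1>")

# Constructed case with the status pattern from the log above: 200, 404, 404, 500.
LOG_CASE = [HOME, not_found(PATHS[0]), not_found(PATHS[1]),
            Probe(PATHS[2], 500, "<h1>Runtime Error</h1>")]
# Constructed case where all three probes get the same 404 page.
UNIFORM_CASE = [HOME] + [not_found(p) for p in PATHS]

if __name__ == "__main__":
    for name, case in (("log", LOG_CASE), ("uniform", UNIFORM_CASE)):
        print(name, tool_verdict(case), differing_probes(case))
```

On the uniform case the strict comparison still reports VULNERABLE although only the echoed path differs, so a verdict from the scanner is worth confirming against the raw responses.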