I'm more familiar w/ the code base etc now...
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Simon,
First, sorry for the top post, but only have my phone to reply on at the moment.
Okay. Well, this is something like what I was thinking of. To be honest, I wasn't even aware of this, so kudos there.
I did just now look through the code though. All this does is *spot* potential padding oracle vulnerabilities, not actually attempt to *exploit* them, which I was also thinking of. Exploiting them could lead to a whole lot of other interesting discoveries. Still, it is a *very* good start.
This also only looks at encrypted parameters. I suggest extending to look for encrypted cookies as well. And maybe, XML or JSON used with AJAX & web services although that is much less common.
Lastly, the part about looking for an actual usable oracle (the check at line 210 & loop at line 233) is a bit naive and could be embellished a lot, especially to consider timing side-channel attacks.
But yeah, this is a great start and as such it does make it within the realm of possibility for GSoC I think.
-kevin
Sent from my Droid; please excuse typos.
Is there a GSoC site on which I'm supposed to apply as a mentor? Does it open up after the organizations are chosen?
I guess the organization list is announced at 7PM UTC today... https://developers.google.com/open-source/gsoc/timeline
--
Sorry I should have been more clear. I know the deadline for mentoring organizations is over. However, in past years individual mentors have been a separate registration (which could also be over).
--
Johanna Curiel
OWASP Volunteer