crypto modules

Cryptography/MD5/Hash-Length-extension-attacks/VimeoHashExploit/server.py

@@ -1,75 +0,0 @@
-"""
-    adapted from Fillipo Valsorda's tutorial
-    august/2014
-"""
-
-import os
-import binascii
-import md5
-import urlparse
-from flask import Flask, request, abort, render_template
-
-
-PORT = 4242
-USER_ID = 42
-USER_NAME = "Jack"
-API_KEY = binascii.hexlify(os.urandom(16))
-API_SECRET = binascii.hexlify(os.urandom(16))
-app = Flask(__name__)
-
-
-
-
-def sign_req(values, secret):
-    s = secret
-    for k, v in sorted(values.items()):
-        s += k
-        s += v
-    return md5.MD5(s).hexdigest()
-
-
-@app.route('/')
-def show_info():
-    req = {
-        "method": "vimeo.test.login",
-        "api_key": API_KEY
-    }
-
-    return render_template('info.html',
-        user_id=USER_ID, api_key=API_KEY, user_name=USER_NAME,
-        api_sig=sign_req(req, API_SECRET))
-
-@app.route('/api', methods=['POST'])
-def handle_api():
-    values = dict(urlparse.parse_qsl(request.get_data()))
-
-    if not 'api_sig' in values: abort(400)
-    if not 'api_key' in values: abort(400)
-    if not 'method' in values: abort(400)
-
-    if values['api_key'] != API_KEY: abort(403)
-    api_sig = values['api_sig']
-    del values['api_sig']
-    if sign_req(values, API_SECRET) != api_sig: abort(403)
-
-    if values["method"] == "vimeo.test.login":
-        return render_template("user.xml", user_id=USER_ID, user_name=USER_NAME)
-
-    elif values["method"] == "vimeo.videos.setFavorite":
-        if not 'video_id' in values: abort(400)
-        if not 'favorite' in values: abort(400)
-
-        if values["video_id"] != '1337': abort(404)
-
-        return render_template("ok.xml")
-
-    else:
-        abort(404)
-
-
-
-
-
-if __name__ == '__main__':
-    app.debug = True
-    app.run(port=PORT)