What is a good way to count up in hex and append the result to the end of a larger hex string? I am trying to format a string to be used in a padding oracle attack. The strings will be concatenated together to form an HTTP request.
I have a two 32 character hex strings. 'g' is a guess, pad is the padding oracle. Basically what I need to do is have the last byte of g count up in hex from 0x00 to 0xff.The code I have so far is:
split = [value[x:x+32] for x in range (0, len(value), 32)] #Split the CT into 16 byte chunks IV = unhexlify(split[0]) c0 = unhexlify(split[1]) c1 = unhexlify(split[2]) c2 = unhexlify(split[3]) g = unhexlify("00000000000000000000000000000000") pad = unhexlify("00000000000000000000000000000001") pad_xor_guess = xorb(g, pad) c1_prime = xorb(pad_xor_guess, c1) attack = str(hexlify(c1_prime + c2).decode()) 'attack' will be passed into the query method that will append the attack string to the web address. Now the part I am stuck on is that I have to basically send up to 256 HTTP requests to guess one byte of the plaintext. How can I use a for loop to "count up" from 00 to ff, appending the result to g in such a way that it can be xor'd with the pad and the chosen ciphertext block? SO far I have been going down this path, but I am stuck on how to make this work with the hex strings.
for i in range(0, 20): #g = bytes([i]) print(bytes([i]),end=' ') #print(g, end=' ') 
for i in range(255): hex(i)