Learn about timing side-channel vulnerabilities by exploiting and patching a flawed authentication service.
docker-compose up --build
- Vulnerable service: http://localhost:5000
- Fixed (patched) service: http://localhost:5001
- code.py — vulnerable service
- solution.py — fixed service
- hack.py — attack tool
- tests.py — validation tests
- hint.txt — hints for learners
- graph.py — visualize response timings
- Try attacking the vulnerable service using hack.py.
- Analyze timing information to find valid users and PINs.
- Patch the service (see solution.py) and re-test.
- Use visual graphs for deeper understanding.
- Identify and exploit timing side-channels
- Learn constant-time coding techniques
- Understand authentication security best practices
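
To make the constant-time objective concrete, here is an added example (not the lab's code.py or solution.py) that puts an early-exit user/PIN check beside a hardened one and reports how much work each path performs. The user table, `DUMMY_PIN`, and both function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; the lab's real user store is not shown on the page.
USERS = {"alice": "4821", "bob": "0937"}
DUMMY_PIN = "0000"                  # stand-in compared when the user is unknown
_KEY = secrets.token_bytes(32)      # per-process key for the digest step


def leaky_check(user, pin):
    """Early-exit check. Returns (ok, steps); steps models the time spent."""
    stored = USERS.get(user)
    if stored is None:
        return False, 0             # unknown user: fastest path
    if len(stored) != len(pin):
        return False, 1
    steps = 0
    for a, b in zip(stored, pin):
        steps += 1
        if a != b:                  # stops at the first wrong digit
            return False, steps
    return True, steps


def _mac(value):
    # Fixed-length keyed digest, so the comparison below always covers 32 bytes
    return hmac.new(_KEY, value.encode(), hashlib.sha256).digest()


def constant_time_check(user, pin):
    """Same work on every path. Returns (ok, bytes_compared)."""
    stored = USERS.get(user)
    known = stored is not None
    expected = _mac(stored if known else DUMMY_PIN)
    supplied = _mac(pin)
    match = hmac.compare_digest(expected, supplied)   # no early exit
    return (known and match), len(expected)


if __name__ == "__main__":
    for user, pin in [("mallory", "1111"), ("alice", "1111"),
                      ("alice", "4811"), ("alice", "4821")]:
        print(user, pin, leaky_check(user, pin), constant_time_check(user, pin))
```

In the leaky version the step count differs for an unknown user, a wrong first digit, and a partially correct PIN; in the hardened version every path compares the same 32 bytes.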
my_streaming_software/
├── src/
│   ├── main.cpp
│   ├── recorder/
│   │   ├── screen_recorder.cpp
│   │   └── screen_recorder.h
│   │   ├── webcam_recorder.cpp
│   │   └── webcam_recorder.h
│   │   ├── audio_recorder.cpp
│   │   └── audio_recorder.h
│   ├── streamer/
│   │   ├── live_streamer.cpp
│   │   └── live_streamer.h
│   ├── gui/
│   │   ├── main_window.cpp
│   │   └── main_window.h
│   └── utils/
│       ├── ffmpeg_wrapper.cpp
│       └── ffmpeg_wrapper.h
├── docs/
│   ├── README.md
│   ├── CONTRIBUTING.md
│   └── INSTALL.md
├── tests/
│   ├── test_recorder.cpp
│   ├── test_streamer.cpp
│   ├── test_webcam_recorder.cpp
│   ├── test_audio_recorder.cpp
│   └── test_real_time_effects.cpp
└── LICENSE