This repository contains a series of functions that form an experimental proof of concept of a timing attack exploiting the use of "==" in the internal implementation of gradio 4.19.1, as stated in the following article:
To get a response, you must follow the steps:
- Default Launch:
After creating a venv according to the requirements.txt file, to launch the target for the attack on a local machine:
python front.py
- Specific File Launch:
To try to guess the first letter of a password, supposing that we already have the correct username (times are stored in a text file as a Python dict):
python AttackOnGradio.py
To see the difference in time spent on an attempt with only one or two letters mismatched:
python bis.py
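
Why the position of the first mismatched letter changes the work done by an "==" check, and what the hardened form of the check looks like, as an added example that is not code from this repository. `early_exit_compare` is a simplified model (CPython's real string comparison is implemented in C), and all function names and the sample credentials are constructed for illustration.

```python
import hmac

# Constructed sample credentials (not taken from the repository).
USERS = {"admin": "hunter2secret"}

def early_exit_compare(secret: str, guess: str):
    """Simplified model of a short-circuiting equality check.

    Returns (equal, characters_examined); the count stands in for time spent.
    """
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            # Stops at the first mismatch, so the work depends on the guess.
            return False, examined
    return True, examined

def leak_profile(secret: str, guesses):
    """Work done by the early-exit model for each guess."""
    return {g: early_exit_compare(secret, g)[1] for g in guesses}

def login_vulnerable(username: str, password: str) -> bool:
    """Pattern the README describes: credentials checked with '=='."""
    return username in USERS and USERS[username] == password

def login_hardened(username: str, password: str) -> bool:
    """Constant-time check. Unknown users are still compared, against a
    dummy value, so the code path is the same whether or not the user exists."""
    stored = USERS.get(username)
    expected = stored if stored is not None else "\x00"
    match = hmac.compare_digest(expected.encode(), password.encode())
    return match and stored is not None

if __name__ == "__main__":
    profile = leak_profile("hunter2secret",
                           ["Xunter2secret", "hunter2seXret", "hunter2secreX"])
    for guess, examined in profile.items():
        print(f"{guess}: {examined} characters examined before returning")
    print("hardened, wrong password:", login_hardened("admin", "hunter2secreX"))
```

`hmac.compare_digest` is the Python standard library's constant-time comparison; its running time can still depend on the length of the inputs, which is why password checks are normally made on fixed-length hashes rather than on the raw strings.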