Feature Request: Implement BREACH / CRIME encryption compression attacks #21

Closed
chadfurman opened this issue Nov 22, 2013 · 6 comments

@chadfurman

http://breachattack.com/
http://security.stackexchange.com/questions/39925/breach-a-new-attack-against-http-what-can-be-done
http://security.stackexchange.com/questions/20406/is-http-compression-safe

They complement each other, from my understanding.

Here's an implementation in CoffeeScript (I think that's what the .cs extension means?)

https://github.com/nealharris/BREACH
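
As an added illustration (not code from this issue or from the tool under discussion), the defender-side view of what the linked BREACH write-ups describe: when HTTP compression is on, a response that embeds a secret next to reflected input shrinks when the reflected input repeats the secret, and per-response masking of the token, as several web frameworks now do, removes the stable byte pattern that size depends on. The token value, the reflected string and the page layout are constructed for the demo.

```python
import hmac
import os
import zlib

# Constructed sample secret: a per-session anti-CSRF token that the page embeds (16 bytes).
SECRET_TOKEN = bytes.fromhex("9f8e7d6c5b4a32100123456789abcdef")
# Constructed reflected text that shares no 3-character substring with the token's hex form.
UNRELATED = "a1b2c3d4e5f60718293a4b5c6d7e8f90"


def render_page(token_field: str, reflected: str) -> bytes:
    """Page body that embeds a secret next to text an outside party can influence (a reflected query)."""
    return (
        "<html><body>"
        f'<input type="hidden" name="csrftoken" value="{token_field}">'
        f"<p>Results for: {reflected}</p></body></html>"
    ).encode()


def compressed_size(body: bytes) -> int:
    """Bytes on the wire once HTTP compression (DEFLATE, the algorithm inside gzip) is applied."""
    return len(zlib.compress(body, 9))


def leak_demo() -> tuple[int, int]:
    """Compressed sizes with the reflected text equal to the token vs. unrelated text.
    The first is visibly smaller because DEFLATE replaces the repeated token with a
    back-reference; TLS encrypts the bytes but does not hide their count, and that
    size difference is the side channel the BREACH/CRIME write-ups describe."""
    plain = SECRET_TOKEN.hex()
    return (compressed_size(render_page(plain, plain)),
            compressed_size(render_page(plain, UNRELATED)))


def mask_token(token: bytes) -> str:
    """Mitigation: emit mask || (token XOR mask) with a fresh random mask per response, so the
    embedded bytes never repeat across responses and reflected input cannot match them.
    (Other options: disable compression for responses carrying secrets, or add random padding.)"""
    mask = os.urandom(len(token))
    return (mask + bytes(a ^ b for a, b in zip(token, mask))).hex()


def unmask_token(field: str) -> bytes:
    """Server side: recover the token from the masked field (first half is the mask)."""
    raw = bytes.fromhex(field)
    mask, masked = raw[: len(raw) // 2], raw[len(raw) // 2 :]
    return bytes(a ^ b for a, b in zip(masked, mask))


def verify_token(field: str, expected: bytes) -> bool:
    """Constant-time comparison so the check itself does not become a timing oracle."""
    return hmac.compare_digest(unmask_token(field), expected)
```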

@ghost ghost assigned DanMcInerney Nov 22, 2013
@DanMcInerney
Owner

This is exactly the direction I wanted to go. My thought, however, was to start with something as simple as possible and then implement BREACH/CRIME/compression attacks once that's in place. The simplest thing I could think of that would still have very high effectiveness against a lay person was to implement some kind of SSL server and serve a self-signed SSL cert for every https domain they visit since we know that the majority of people just click through SSL security warnings. SSLstrip was in an older version of this program but SSLstrip absolutely murders the victim's browsing speeds to the point of uselessness.

I'm going to keep this issue open until I get the basic self-signed SSL proxy working and hopefully won't have the same speed issues as SSLstrip.

@chadfurman
Author

Ahh, so you want the SSL proxy as a "victim" which you can test the attack against? Does it serve another purpose which I missed?

@chadfurman
Author

Sorry if I grossly misunderstand. I'm just starting to learn chosen-plaintext attacks and Python networking.

P.S. I love your choice to use Scapy. :)

@DanMcInerney
Owner

End goal is to make it so when you use the -s option or maybe -ssl option the script will use its own self-signed certificate for all https sites the victim visits, so the victim will see a security warning when they visit pages like gmail.com. Since the script is using its own SSL cert, it can decrypt the traffic the user sends to the https site.

@chadfurman
Author

Ahh, got ya. That will allow MITM without the normal traffic being disrupted.

@chadfurman
Author

Another video on the topic, this time from blackhat: https://www.youtube.com/watch?v=e3hOJfrSD9g&list=PLiq_fDYFoqMocM7ADQCTfGAdI9CXA-kUs&index=34

This issue was closed.