Feature Request: Implement BREACH / CRIME encryption compression attacks #21
Comments
This is exactly the direction I wanted to go. My thought, however, was to start with something as simple as possible and then implement BREACH/CRIME/compression attacks once that's in place. The simplest thing I could think of that would still have very high effectiveness against a lay person was to implement some kind of SSL server and serve a self-signed SSL cert for every https domain they visit since we know that the majority of people just click through SSL security warnings. SSLstrip was in an older version of this program but SSLstrip absolutely murders the victim's browsing speeds to the point of uselessness. I'm going to keep this issue open until I get the basic self-signed SSL proxy working and hopefully won't have the same speed issues as SSLstrip.
Ahh, so you want the SSL proxy as a "victim" which you can test the attack against? Does it serve another purpose which I missed?
Sorry if I grossly misunderstand. I'm just starting to learn chosen plain text attacks and Python networking. P.S. I love your choice to use Scapy. :)
End goal is to make it so when you use the -s option or maybe -ssl option the script will use its own self-signed certificate for all https sites the victim visits so the victim will see a security warning when they visit pages like gmail.com. Since the script is using its own SSL cert, it can decrypt the traffic the user sends to the https site.
ahh, got yah. That will allow MITM without the normal traffic being disrupted.
Another video on the topic, this time from blackhat: https://www.youtube.com/watch?v=e3hOJfrSD9g&list=PLiq_fDYFoqMocM7ADQCTfGAdI9CXA-kUs&index=34
http://breachattack.com/
http://security.stackexchange.com/questions/39925/breach-a-new-attack-against-http-what-can-be-done
http://security.stackexchange.com/questions/20406/is-http-compression-safe
They complement each other, from my understanding.
Here's an implementation in coffee script (I think that's what the .cs extension means?)
https://github.com/nealharris/BREACH