The main purpose of this docker image is to create a vulnerable environment to exploit BREACH. To run this image after installing Docker, use a command like this:
$ sudo docker run --rm -p 443:443 jselvi/breach
Now you can test if we are facing a vulnerable web server by using a tool such as testssl.sh:
$ testssl.sh --breach https://127.0.0.1
BREACH (CVE-2013-3587)
potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
Can be ignored for static pages or if no secrets in the page
The legitimate user should visit https://127.0.0.1/?whatever
. This page will send a response with an anti-csrf token together with whatever
.
An attacker should be able to exploit BREACH and obtain the anti-csrf token value. For this example, this token is static and never changes. It doesn't really matter to exploit the issue, and it was much easier to implement.