Tool that runs the BREACH attack demonstrated at BlackHat 2013.
Switch branches/tags
Nothing to show
Clone or download


This tool features the basic BREACH attack. We're working on the browser-based prototype shown at BlackHat 2013.

This is intended for self-assessment only. Don't do bad things.


  • MITM: This is not required for the PoC. Instead, we suggest a simple HOSTS entry to enable measurement of the encrypted traffic.

  • Browserless: At this time we provide a simple HTTP client that simulates browser behavior. The full-featured browser-based tool will follow.

  • Block Ciphers: The tool isn't smart enough to work against block ciphers yet. Maybe you can send us a pull request to fix this!



  1. Windows OS (7+ tested)
  2. .NET 3.5+ Framework
  3. Visual Studio 2010+ (if you want to modify the code)

How to run:

  1. Build the projects to get the executables, or download them at
  2. Run (echo. && echo >> %windir%\system32\drivers\etc\hosts in a command shell with admin privs.
  3. Launch SSLProxy.exe.
  4. Launch BREACH Basic.exe.
  5. Verify the secret extracted is correct. (Take a look at the source of

How to customize:

  1. Edit your hosts file entry with your new target.
  2. Edit TargetIP address in SSLProxy.cs.
  3. Edit KeySpace in BREACH Basic.cs to reflect the target secret's alphabet.
  4. Edit TargetURL in BREACH Basic.cs.
  5. Edit canary to specify your bootstrapping sequence in 'BREACH Basic.cs'.
  6. Compile & Run.

How to contribute:

Fork this repo. Make some awesome changes. Send us a pull request.