Rupture is a framework for easily conducting BREACH and other compression-based attacks.
For more information, please visit Rupture's home page: RuptureIt
Rupture is developed by:
- Dimitris Karakostas firstname.lastname@example.org
- Dionysis Zindros email@example.com
- Eva Sarafianou firstname.lastname@example.org
- Dimitris Grigoriou email@example.com
This research is being conducted at the Cryptography & Security lab at the University of Athens and the National Technical University of Athens.
Rupture is licensed under MIT. See LICENSE for more information.
You can install the whole framework as follows:
- Install rupture.
rupture/ $ ./install.sh all
or you can also install each module separately, as below.
- Install injection.
rupture$ ./install.sh injection
- Install client.
rupture$ ./install.sh client
Rupture uses Python for the Command & Control server. Communication between js realtime server and Python backend is performed with a Django API endpoint.
- Install backend.
rupture/ $ ./install.sh backend
- Install sniffer.
rupture/ $ ./install.sh sniffer
- Edit following configuration scripts:
- Setup backend.
rupture $ ./rupture setup
- Deploy backend.
rupture $ ./rupture backend
- Deploy realtime.
rupture $ ./rupture realtime
- Deploy sniffer.
rupture $ ./rupture sniffer
- You can also deploy backend, realtime and sniffer modules all together:
rupture/ $ sudo ./rupture attack
Note: Sniffer deployment - either standalone or all together with 'attack' - may need elevated privileges, since it requires access to network interface.
Client code is in following directory:
where is the victim's id in the backend database.
Open the following test HTML page in browser:
or inject client code in HTTP responses:
rupture/client/client_<id> $ ./inject.sh