This tool features the basic BREACH attack. We're working on the browser-based prototype shown at BlackHat 2013.
This is intended for self-assessment only. Don't do bad things.
-
MITM: This is not required for the PoC. Instead, we suggest a simple HOSTS entry to enable measurement of the encrypted traffic.
-
Browserless: At this time we provide a simple HTTP client that simulates browser behavior. The full-featured browser-based tool will follow.
-
Block Ciphers: The tool isn't smart enough to work against block ciphers yet. Maybe you can send us a pull request to fix this!
- Windows OS (7+ tested)
- .NET 3.5+ Framework
- Visual Studio 2010+ (if you want to modify the code)
- Build the projects to get the executables, or download them at http://breachattack.com/precompiled/.
- Run
(echo. && echo 127.0.0.1 malbot.net) >> %windir%\system32\drivers\etc\hosts
in a command shell with admin privs. - Launch
SSLProxy.exe
. - Launch
BREACH Basic.exe
. - Verify the secret extracted is correct. (Take a look at the source of https://malbot.net/poc/.)
- Edit your hosts file entry with your new target.
- Edit
TargetIP
address inSSLProxy.cs
. - Edit
KeySpace
inBREACH Basic.cs
to reflect the target secret's alphabet. - Edit
TargetURL
inBREACH Basic.cs
. - Edit
canary
to specify your bootstrapping sequence in 'BREACH Basic.cs'. - Compile & Run.
Fork this repo. Make some awesome changes. Send us a pull request.
- Paper+Slides: http://breachattack.com
- Email: contact@breachattack.com