Bingo is a POC for auto-suggestion guessing attack. This attack enables a man in the middle to guess a search query made by the user, based upon the packet sizes returned by the auto-suggestion mechanism. Even the project name is Bingo, the POC is targeted for duckduckgo.
The project was built during BIU cyber acathon - Breaking The Anonymity.
##more resources
- presentation - which describe the attack flow:
https://prezi.com/pu5ilmqi-hyh/search-incognito/
- youtube video - shows the attack in action:
https://www.youtube.com/watch?v=XhbHFUHmvjo
##update - 27/4/2016
- DDG has fixed the bug, here is the blog post about that:
https://duck.co/blog/post/304/preventing-a-potential-leak-in-encrypted-autocomplete