Heya - HollyGraceful here, I make all of this content in my spare time, like it? Please support me :)

CRIME against TLS?

Compression Ratio Info-leak Made Easy

CRIME is an attack against SSL, like Heartbleed, but it has a much smaller probability of exploitation. The authors of CRIME also wrote the BEAST attack. Like BEAST, CRIME can allow an attacker to recover web cookies and thereby perform session hijacking attacks, and the specific restrictions on the attack are similar. The attacker requires the ability to repeatedly inject predictable data whilst monitoring the resulting encrypted traffic. This means two main prerequisites must be met before the attack is possible: the attacker must be able to observe network traffic, and must be able to manipulate the victim’s browser into submitting requests to the target site.

The manipulation could be possible through Cross-site scripting attacks. JavaScript is not required: an attack could be possible with HTML Injection alone, although it would be less efficient.

For CRIME to be possible, the server must support compression of the request before encryption. TLS supports DEFLATE, which is vulnerable, as is SPDY. The client must also support compression, but only a small percentage of browsers do.
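
Why compression before encryption matters, and why disabling it removes the signal, can be seen in a short added example (not code from the original post). The cookie value, host name and guess strings are constructed for the demo, and encryption is assumed to preserve plaintext length, so the lengths below stand in for what an on-path observer would see.

```python
import zlib

# Constructed sample data: cookie value and host are invented for this demo.
SECRET_COOKIE = "session=7f3a9c2e41d8b6"

# Two injected strings of identical length: one repeats the secret,
# the other shares only the "session=" prefix with it.
MATCHING_INPUT = "?session=7f3a9c2e41d8b6"
UNRELATED_INPUT = "?session=QzXwKyLpVtRmNs"


def build_request(injected: str) -> bytes:
    """One request holding attacker-influenced data (the path) and a secret (the cookie)."""
    return (
        f"GET /{injected} HTTP/1.1\r\n"
        "Host: example.test\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode()


def observed_length(injected: str, compression: bool) -> int:
    """Size seen on the wire. Assumption: the cipher preserves plaintext length."""
    plaintext = build_request(injected)
    if compression:
        # DEFLATE replaces repeated substrings with short back-references,
        # so the output shrinks when the injected data repeats the secret.
        plaintext = zlib.compress(plaintext, 9)
    return len(plaintext)


def length_depends_on_secret(compression: bool) -> bool:
    """True if equal-length inputs yield different sizes, i.e. length leaks content."""
    return (observed_length(MATCHING_INPUT, compression)
            != observed_length(UNRELATED_INPUT, compression))


if __name__ == "__main__":
    for compression in (True, False):
        label = "compression on " if compression else "compression off"
        print(label,
              "| matching:", observed_length(MATCHING_INPUT, compression),
              "| unrelated:", observed_length(UNRELATED_INPUT, compression),
              "| length leaks:", length_depends_on_secret(compression))
```

With compression off, equal-length inputs always produce equal-length output, which is why disabling TLS-level compression closes this channel.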