Rupture - A framework for BREACH and other compression-based crypto attacks
Rupture is a framework for easily conducting BREACH and other compression-based attacks.
For more information, please visit Rupture's home page: RuptureIt
Authors
Rupture is developed by:
- Dimitris Karakostas [email protected]
- Dionysis Zindros [email protected]
- Eva Sarafianou [email protected]
Installation
You can install the whole framework as follows:
- Install rupture.
rupture/ $ ./install.sh all
Javascript
Rupture uses Javascript for communication between the client code and the realtime server. Client code is compiled using babel and server code is run on Node.js .
Injection
- Install injection.
rupture$ ./install.sh injection
Client
- Install client.
rupture$ ./install.sh client
Python
Rupture uses Python for the Command & Control server. Communication between js realtime server and Python backend is performed with a Django API endpoint.
Backend
- Install backend.
rupture/ $ ./install.sh backend
Sniffer
- Install sniffer.
rupture/ $ ./install.sh sniffer
Execution
Backend
- Edit following configuration scripts:
- rupture/backend/target_config.yml
- rupture/backend/victim_config.yml
- Setup backend.
rupture $ ./rupture setup
- Deploy backend.
rupture $ ./rupture backend
Realtime
- Deploy realtime.
rupture $ ./rupture realtime
Sniffer
- Deploy sniffer.
rupture $ ./rupture sniffer
Attack
- You can also deploy backend, realtime and sniffer modules all together:
rupture/ $ sudo ./rupture attack
Client
- Client code is in following directory:
- rupture/client/client_
- Open the following test HTML page in browser:
- rupture/client/client_/test.html
rupture/client/client_<id> $ ./inject.sh
Rupture - A framework for BREACH and other compression-based crypto attacks
Reviewed by Zion3R
on
5:30 PM
Rating: