Skip to content

A framework for BREACH and other compression-based crypto attacks

License

Notifications You must be signed in to change notification settings

dionyziz/rupture

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status Coverage Status

Rupture

Rupture is a framework for easily conducting BREACH and other compression-based attacks.

For more information, please visit Rupture's home page: RuptureIt

Authors

Rupture is developed by:

This research is being conducted at the Cryptography & Security lab at the University of Athens and the National Technical University of Athens.

License

Rupture is licensed under MIT. See LICENSE for more information.

Installation

You can install the whole framework as follows:

  • Install rupture.
rupture/ $ ./install all

or you can also install each module separately, as below.

Javascript

Rupture uses Javascript for communication between the client code and the realtime server. Client code is compiled using babel and server code is run on Node.js.

Injection

  • Install injection.
rupture$ ./install injection

Client

  • Install client.
rupture$ ./install client

Python

Rupture uses Python for the Command & Control server. Communication between js realtime server and Python backend is performed with a Django API endpoint.

Backend

  • Install backend.
rupture/ $ ./install backend

Sniffer

  • Install sniffer.
rupture/ $ ./install sniffer

Execution

Backend

  • Edit following configuration scripts:
    • rupture/backend/target_config.yml
    • rupture/backend/victim_config.yml
  • Setup backend.
rupture $ ./rupture -s
  • Deploy backend.
rupture $ ./rupture --backend

Realtime

  • Deploy realtime.
rupture $ ./rupture --realtime

Sniffer

  • Deploy sniffer.
rupture $ ./rupture --sniffer
Attack
  • You can also deploy backend, realtime and sniffer modules all together:
rupture/ $ sudo ./rupture --attack

Note: Sniffer deployment - either standalone or all together with 'attack' - may need elevated privileges, since it requires access to network interface.

Client

  • Client code is in following directory:

    • ~/.rupture/client/client_

    where is the victim's id in the backend database.

  • Open the following test HTML page in browser:

    • ~/.rupture/client/client_/test.html

    or inject client code in HTTP responses:

~/.rupture/client/client_<id> $ ./inject.sh

About

A framework for BREACH and other compression-based crypto attacks

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • TeX 41.1%
  • Python 29.2%
  • C 11.1%
  • JavaScript 9.5%
  • HTML 6.2%
  • Shell 1.8%
  • Other 1.1%