rupture

by decrypto-org

decrypto-org / rupture

A framework for BREACH and other compression-based crypto attacks

205 Stars 43 Forks Last release: Not found MIT License 1.4K Commits 1 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Build
Status Coverage
Status

Rupture

Rupture is a framework for easily conducting BREACH and other compression-based attacks.

Authors

Rupture is developed by:

This research is being conducted at the Cryptography & Security lab at the University of Athens and the National Technical University of Athens.

License

Rupture is licensed under MIT. See LICENSE for more information.

Installation

You can install the whole framework as follows:

  • Install rupture.
    sh
    rupture/ $ ./install all
    

or you can also install each module separately, as below.

Javascript

Rupture uses Javascript for communication between the client code and the realtime server. Client code is compiled using babel and server code is run on Node.js.

Injection

  • Install injection.
    sh
    rupture$ ./install injection
    

Client

  • Install client.
    sh
    rupture$ ./install client
    

Python

Rupture uses Python for the Command & Control server. Communication between js realtime server and Python backend is performed with a Django API endpoint.

Backend

  • Install backend.
    sh
    rupture/ $ ./install backend
    

Sniffer

  • Install sniffer.
    sh
    rupture/ $ ./install sniffer
    

Execution

Backend

  • Edit following configuration scripts:
    • rupture/backend/target_config.yml
    • rupture/backend/victim_config.yml
  • Setup backend.
    sh
    rupture $ ./rupture -s
    
  • Deploy backend.
    sh
    rupture $ ./rupture --backend
    

Realtime

  • Deploy realtime.
    sh
    rupture $ ./rupture --realtime
    

Sniffer

  • Deploy sniffer.
    sh
    rupture $ ./rupture --sniffer
    
Attack
  • You can also deploy backend, realtime and sniffer modules all together:
    sh
    rupture/ $ sudo ./rupture --attack
    

Note: Sniffer deployment - either standalone or all together with 'attack' - may need elevated privileges, since it requires access to network interface.

Client

  • Client code is in following directory:
    • ~/.rupture/client/client_

where is the victim's id in the backend database. - Open the following test HTML page in browser: - ~/.rupture/client/client_/test.html

or inject client code in HTTP responses:

sh
~/.rupture/client/client_ $ ./inject.sh

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.