decrypto-org/ rupture

JavaScript

Python

Shell

CSS

HTML

TeX

View on GitHub

Need help with rupture?

Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

decrypto-org

217 Stars

49 Forks

MIT License

1.4K Commits

52 Opened issues

Description

A framework for BREACH and other compression-based crypto attacks

Services available

Need anything else?

Contributors list

Readme

Rupture

Name: rupture
Brand: rupture
SKU: //decrypto-org/rupture
Rating: 2.2925 (217 reviews)

Rupture is a framework for easily conducting BREACH and other compression-based attacks.

Authors

Rupture is developed by:

Dimitris Karakostas [email protected]
Dionysis Zindros [email protected]
Eva Sarafianou [email protected]
Dimitris Grigoriou [email protected]

This research is being conducted at the Cryptography & Security lab at the University of Athens and the National Technical University of Athens.

License

Rupture is licensed under MIT. See LICENSE for more information.

Installation

You can install the whole framework as follows:

Install rupture.
```
sh
rupture/ $ ./install all
```

or you can also install each module separately, as below.

Javascript

Rupture uses Javascript for communication between the client code and the realtime server. Client code is compiled using babel and server code is run on Node.js.

Injection

Install injection.
```
sh
rupture$ ./install injection
```

Client

Install client.
```
sh
rupture$ ./install client
```

Python

Rupture uses Python for the Command & Control server. Communication between js realtime server and Python backend is performed with a Django API endpoint.

Backend

Install backend.
```
sh
rupture/ $ ./install backend
```

Sniffer

Install sniffer.
```
sh
rupture/ $ ./install sniffer
```

Execution

Backend

Edit following configuration scripts:
- rupture/backend/target_config.yml
- rupture/backend/victim_config.yml
Setup backend.
```
sh
rupture $ ./rupture -s
```
Deploy backend.
```
sh
rupture $ ./rupture --backend
```

Realtime

Deploy realtime.
```
sh
rupture $ ./rupture --realtime
```

Sniffer

Deploy sniffer.
```
sh
rupture $ ./rupture --sniffer
```

Attack

You can also deploy backend, realtime and sniffer modules all together:
```
sh
rupture/ $ sudo ./rupture --attack
```

Note: Sniffer deployment - either standalone or all together with 'attack' - may need elevated privileges, since it requires access to network interface.

Client

Client code is in following directory:
- ~/.rupture/client/client_

where is the victim's id in the backend database. - Open the following test HTML page in browser: - ~/.rupture/client/client_/test.html

or inject client code in HTTP responses:

sh
~/.rupture/client/client_ $ ./inject.sh