A framework for BREACH and other compression-based crypto attacks
Rupture is a framework for easily conducting BREACH and other compression-based attacks.
Rupture is developed by:
This research is being conducted at the Cryptography & Security lab at the University of Athens and the National Technical University of Athens.
Rupture is licensed under MIT. See LICENSE for more information.
You can install the whole framework as follows:
sh rupture/ $ ./install all
or you can also install each module separately, as below.
Rupture uses Javascript for communication between the client code and the realtime server. Client code is compiled using babel and server code is run on Node.js.
sh rupture$ ./install injection
sh rupture$ ./install client
Rupture uses Python for the Command & Control server. Communication between js realtime server and Python backend is performed with a Django API endpoint.
sh rupture/ $ ./install backend
sh rupture/ $ ./install sniffer
sh rupture $ ./rupture -s
sh rupture $ ./rupture --backend
sh rupture $ ./rupture --realtime
sh rupture $ ./rupture --sniffer
sh rupture/ $ sudo ./rupture --attack
Note: Sniffer deployment - either standalone or all together with 'attack' - may need elevated privileges, since it requires access to network interface.
where is the victim's id in the backend database. - Open the following test HTML page in browser: - ~/.rupture/client/client_/test.html
or inject client code in HTTP responses:
sh ~/.rupture/client/client_ $ ./inject.sh