Browser Reconnaissance Exfiltration via Adaptive Compression of Hypertext
Variants:
Direct
Also Known As:
BREACH Attack
Vector Type:
Attack
Relevance:
Generic
Layer:
Web-Infrastructure-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
TLS Compression, Hardening, Communication Encryption
Invented In:
01/08/2013
Added In:
21/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Abuse TLS compression and SPDY header compression features while eavesdropping to perform a cryptanalysis attack and expose secrets contained in compressed and encrypted HTTP responses
