In 2013, a new attack named BREACH Attack, or Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext, caught our attention. It affected many by stealing sensitive data transferred over the Internet, even when SSL/TLS (How does TLS protocol work?) is used. Let’s understand what this BREACH attack is and how the attackers perpetrate this attack.
What is the BREACH attack?
When a browser requests a webpage, the webpage usually is first compressed and then sent to the browsers. The compression is done to utilize the network bandwidth in a better way. Similarly, when we send any data through a webpage, the content is first compressed and then sent to the server. We use HTTP compression for this purpose.
When we use SSL/TLS to send sensitive data to a server, the data is first encrypted and then sent to the server. In the case of HTTP compression, content is first compressed and then sent to the server.
In the BREACH Attack, an attacker analyzes the responses of a victim who is authenticated to a web application and finds out sensitive data of the victim. In other words, the attacker sends several requests to the server impersonating the victim and looks at the responses, e.g., the length of the compressed contents. On analyzing the lengths of responses to various requests, the attacker determines the sensitive data of the victim.
How does the BREACH attack work?
When we use HTTP compression on web pages, the length of the compressed content is less than that of the actual content. But, the exact length of the compressed content depends on the sensitive data of the user.
For example, the study says that if a user authenticates to a website and searches with some text in the search bar, the length of the compressed webpage will be minimal when the search text matches the username or credit card number of the user.
So, if a user has a credit card number 123456 and searches with various texts in the search bar of the website, the length of the compressed webpage will be minimal when the user searches with 123456. And, this is the technique the attackers exploit to determine sensitive data of the user.
To perpetrate the BREACH attack, the attacker first uses social engineering to trick the victim into clicking…
0 Comments