We implemented BREACH, an attack unveiled at Black Hat last year but, until now, unimplemented in the wild. In our attack we were able to steal a CSRF token from Twitter and tweet on behalf of the compromised user without the user doing anything other than normal browsing. We overcame many obstacles: we launched an ARP spoof in Java to create a man-in-the-middle attack, injected plaintext on the client side, bypassed popup blockers in Firefox, Chrome, and Safari, and bypassed CORS in a test environment. Thus we believe we have implemented the first full BREACH attack in the wild. We've also identified many high-profile websites which are vulnerable to this attack.
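The standard server-side mitigation for the CSRF-token variant of BREACH described above, as an added Python example (constructed here; not code from this project): the token is XORed with a fresh random mask on every response, so the bytes that land in the compressed page never repeat between requests. The page body, the demo token and the helper names are assumptions made for the illustration.

```python
import secrets
import zlib

# Constructed demo token (32 hex characters); not a real credential.
DEMO_TOKEN = b"3f8a9c0e17b2d4a65e9f0c1b2a3d4e5f"


def mask_token(token: bytes) -> bytes:
    """Return hex(mask || token XOR mask) with a fresh random mask each call.
    Two responses for the same session therefore emit different bytes."""
    mask = secrets.token_bytes(len(token))
    xored = bytes(a ^ b for a, b in zip(token, mask))
    return (mask + xored).hex().encode()


def unmask_token(blob: bytes) -> bytes:
    """Inverse of mask_token: the server recovers the real token from the form."""
    raw = bytes.fromhex(blob.decode())
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[half:], raw[:half]))


def render(token_field: bytes, reflected: bytes) -> bytes:
    """Constructed page body: a CSRF field next to user-influenced text,
    the combination that makes compressed length depend on the secret."""
    return (b'<input name="csrf" value="' + token_field + b'">'
            b'<p>You searched for: ' + reflected + b'</p>')


def length_delta(token_field: bytes, secret: bytes) -> int:
    """Compressed-size gap between a reflection that repeats the start of the
    secret and one that does not. Positive means the length leaks the secret;
    with a masked token the raw secret is absent, so no stable gap exists."""
    hit = zlib.compress(render(token_field, secret[:8]))
    miss = zlib.compress(render(token_field, b"QWRTPSDG"))
    return len(miss) - len(hit)


def secret_absent(secret: bytes) -> bool:
    """Defensive check a test suite can run: the raw token must never appear
    verbatim in a compressible response body."""
    return secret not in render(mask_token(secret), b"")
```

Frameworks such as Django and Rails apply this masking to their CSRF tokens for exactly this reason; disabling HTTP compression on responses that reflect user input is the complementary mitigation.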
