Feature Request: Implement BREACH / CRIME encryption compression attacks about lans.py HOT 6 CLOSED

This is exactly the direction I wanted to go. My thought, however, was to start with something as simple as possible and then implement BREACH/CRIME/compression attacks once that's in place. The simplest thing I could think of that would still have very high effectiveness against a lay person was to implement some kind of SSL server and serve a self-signed SSL cert for every https domain they visit since we know that the majority of people just click through SSL security warnings. SSLstrip was in an older version of this program but SSLstrip absolutely murders the victim's browsing speeds to the point of uselessness.

I'm going to keep this issue open until I get the basic self-signed SSL proxy working and hopefully won't have the same speed issues at SSLstrip.

from lans.py.

Ahh, so you want the SSL proxy as a "victim" which you can test the attack against? Does it serve another purpose which I missed?

from lans.py.

Sorry if I grossly misunderstand. I'm just starting to learn chosen plain text attacks and python networking.

P.S. I love your choice to use Scapy. :)

from lans.py.

End goal is to make it so when you use the -s option or maybe -ssl option the script will use it's own self signed certificate for all https sites the victim visits so the victim will see a security warning when they visit pages like gmail.com. Since the script is using it's own SSL cert, it can decrypt the traffic the user sends to the https site.

from lans.py.

ahh, got yah. That will allow MITM without the normal traffic being disrupted.

from lans.py.

Another video on the topic, this time from blackhat: https://www.youtube.com/watch?v=e3hOJfrSD9g&list=PLiq_fDYFoqMocM7ADQCTfGAdI9CXA-kUs&index=34

from lans.py.