Deploying the Rupture attack

Rupture is a framework for conducting compression side-channel attacks. The Rupture attack performs a Man in the Middle (MitM) attack to inject javascript code to a targeted victim located on the adversary's LAN, in order to make arbitrary requests to HTTPS websites through its browser. The injection can only take place while the victim visits websites that do not provide encrypted communication (HTTP connections). These requests contain search-guesses of the next character of a targeted secret, based on an already known prefix. However, even if we can accomplish making those requests, the payload of the response can't be read (same origin policy).
To bypass this obstacle, we measure the payload size of the encrypted packet. Since the search-guess is reflected on the response, the measured payload for a correct guess will be smaller than a false one, due to the fact that every packet is compressed before the encryption. This leads to a possible match.

For easier testing we have set up this page:
https://ruptureit.com/test2.php

In this webpage we come across a plaintext which consists of numbers along with the word bibendum. In this experiment bibendum will be the target secret and the prefix bibend will be the known secret prefix.
For simplicity purposes, during the test both the attacker and the victim components will be deployed on the same machine, instead of injecting a separate target. This will create the opportunity to measure the responses from https://ruptureit.com/test2.php and discover the next secret character of our target secret. Here are the complete steps of the Rupture attack:

First, we need to clone the source code from GitHub:

             git clone https://github.com/dionyziz/rupture

This will create a folder named rupture at the current directory. Then we needto cd into the rupture folder and execute ./install.sh all in order to install the whole framework. There is also the option to install each module separately, as below:

Javascript

Rupture uses Javascript for communication between the client code and the realtime server. Client code is compiled using Babel and server code is run on Node.js.

  • Injection
                    rupture$ ./install.sh injection
  • Client
                     rupture$ ./install.sh client

Python

Rupture uses Python for the Command & Control server. Communication between Js Realtime server and Python backend is performed with a Django API endpoint.

  • Backend
                     rupture/ $ ./install.sh backend

Sniffer

                     rupture/ $ ./install.sh sniffer

After the installation we need to configure both the victim's as well as the target's parameters:

Victim

  • target: A unique name identifying the target
  • snifferendpoint: The HTTP endpoint of the adversarial sniffer running on the victim's network which is listening for our HTTP requests.
  • sourceip: Victim's local network IP. Since victim will be deployed in our machine, sourceip should be equal to our local IP address.
  • realtimeurl: The realtime module URL that the client should communicate with.
  • interface: Attacking machine's interface. (Default is eth0)

Target

  • endpoint: The endpoint in full URL form, including https://. The endpoint string must contain a %s to mark the position in which the string-to-be-reflected will be replaced into.
  • prefix: The known prefix of the secret used to bootstrap the attack.
  • alphabet: This set contain all the candidate symbols each character of the secret can be.
  • secretlength: The length of the secret, if known. If the secret is unknown, this should be 0.
  • alignmentalphabet: Alphabet used for block alignement. This will be shuffled once per batch.
  • recordscardinality: The amount of expected TLS response records per request.
  • method: Method of building candidate samplesets.

After we specify the parameters, we need to setup the framework:
./rupture setup .

Since this is the first victim setup, inside the client directory, a folder named client_1 will be created, containing injection script for the chosen victim.
Lastly, we need to deploy every component in order to start the attack. We can either start the attack with ./rupture attack or deploy each component separately (the last one is more preferable):

Backend
  • Setup backend.
                    rupture $ ./rupture setup
  • Deploy backend.
                   rupture $ ./rupture backend

Realtime

  • Deploy realtime.
                   rupture $ ./rupture realtime

Sniffer

  • Deploy sniffer.
                    rupture $ ./rupture sniffer

Note: Sniffer deployment - either standalone or all together with 'attack' - may need elevated privileges for simple users, since it requires access to
network interface..

Since victim component will be deployed in our machine, we need to open the test.html file through our browser, located in the client/client_1 directory, containing the javascript code that will make the requests on the target website.

Depending on our network speed connection it may take a while, in order to steal the first character of the target secret. When the first round is completed a table will present all possible candidates in descending order of likelihood (backend window). If the total samples that we collected, indicate high enough confidence for the matching character, then the attack will continue by guessing the next possible character, like the first round. This process will continue recursively until the target secret is recovered.

This concludes the attack.