{"id":21271242,"url":"https://github.com/skepticfx/voracle","last_synced_at":"2025-09-08T19:33:01.276Z","repository":{"id":74942105,"uuid":"131536888","full_name":"skepticfx/voracle","owner":"skepticfx","description":"Compression Oracle Attack on OpenVPN","archived":false,"fork":false,"pushed_at":"2023-09-24T19:00:49.000Z","size":4041,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-07-11T07:59:34.827Z","etag":null,"topics":["blackhat2018","compression","cryptography","defcon26","openvpn","poc","vpn"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skepticfx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-29T23:02:49.000Z","updated_at":"2025-04-28T17:03:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"9c7326e6-cce6-4891-942f-1871227aec1a","html_url":"https://github.com/skepticfx/voracle","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/skepticfx/voracle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skepticfx%2Fvoracle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skepticfx%2Fvoracle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skepticfx%2Fvoracle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skepticfx%2Fvoracle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skepticfx","download_url":"https://codeload.github.com/skepticfx/voracle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skepticfx%2Fvoracle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274231436,"owners_count":25245585,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-08T02:00:09.813Z","response_time":121,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blackhat2018","compression","cryptography","defcon26","openvpn","poc","vpn"],"created_at":"2024-11-21T08:21:29.007Z","updated_at":"2025-09-08T19:33:01.250Z","avatar_url":"https://github.com/skepticfx.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# voracle\n#### Compression oracle attacks on VPN networks\n\n### Usage\n```\n# install nodejs requirements\ncd voracle\nnpm install\n\n# install python requirments\ncd voracle/attack\npip install -r requirements.txt\n\n# start vpn client\n# tested with openvpn client 3\n# https://github.com/OpenVPN/openvpn3\n\n# start MITM\ncd voracle/attack\npython mimt.py\n\n# start attack server on localhost:9999\n# modify config.json to your requirements\ncd voracle\nnpm start\n```\n\n### Sample Demo\n\u003cimg src=\"https://test.skepticfx.com/demos/91283u89232903230/voracle-test.skepticfx.com.gif\" /\u003e\n\n### Abstract\nSecurity researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. \nIn spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. \nCompression oracle attacks are not limited to TLS protected data. Regardless of the underlying encryption framework being used, \nthese VPN networks offer a very well used feature usually known as TCP Compression which in a way acts almost similar to the \nTLS compression feature pre-CRIME era. \n\nIn this paper, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. \nWe also explore the possibility of attacking ESP Compression and other such optimizations in any tunneled traffic which does encryption. \nWe also show a case study with a well-known VPN server and their plethora of clients. \n\nWe then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward \nrather than claiming 'Thou shall not compress traffic at all'. \nOne of the things that we would like to showcase is how impedance mismatches in these different layers of technologies \naffect security and how they don't play well together.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskepticfx%2Fvoracle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskepticfx%2Fvoracle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskepticfx%2Fvoracle/lists"}