Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/skepticfx/voracle

Compression Oracle Attack on OpenVPN
https://github.com/skepticfx/voracle

blackhat2018 compression cryptography defcon26 openvpn poc vpn

Last synced: 3 months ago
JSON representation

Compression Oracle Attack on OpenVPN

Host: GitHub
URL: https://github.com/skepticfx/voracle
Owner: skepticfx
Created: 2018-04-29T23:02:49.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2023-09-24T19:00:49.000Z (over 1 year ago)
Last Synced: 2024-09-13T02:21:35.506Z (5 months ago)
Topics: blackhat2018, compression, cryptography, defcon26, openvpn, poc, vpn
Language: JavaScript
Size: 3.85 MB
Stars: 11
Watchers: 5
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# voracle
#### Compression oracle attacks on VPN networks

### Usage
```
# install nodejs requirements
cd voracle
npm install

# install python requirments
cd voracle/attack
pip install -r requirements.txt

# start vpn client
# tested with openvpn client 3
# https://github.com/OpenVPN/openvpn3

# start MITM
cd voracle/attack
python mimt.py

# start attack server on localhost:9999
# modify config.json to your requirements
cd voracle
npm start
```

### Sample Demo

### Abstract
Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data.
In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks.
Compression oracle attacks are not limited to TLS protected data. Regardless of the underlying encryption framework being used,
these VPN networks offer a very well used feature usually known as TCP Compression which in a way acts almost similar to the
TLS compression feature pre-CRIME era.

In this paper, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs.
We also explore the possibility of attacking ESP Compression and other such optimizations in any tunneled traffic which does encryption.
We also show a case study with a well-known VPN server and their plethora of clients.

We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward
rather than claiming 'Thou shall not compress traffic at all'.
One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies
affect security and how they don't play well together.