Thursday, 8 August 2013

BREACH decodes HTTPS encrypted data in 30 seconds



A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds.
BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is very targeted and doesn't decrypt the entire channel. Instead, it manipulates data compression to pry pieces of information out of HTTPS-protected data, including email addresses, security tokens, and other plain text strings.
The technique was demonstrated at the Black Hat security conference in Las Vegas by Gluck along with researchers Neal Harris and Angelo Prado. It allows hackers to decode encrypted data that online banks and e-commerce sites send over an HTTPS channel.

