WEB BREACH ATTACK TUTO ?

You can search on youtube.

ok thanks bro.

I saw on Youtube (&hd=1) following your advice a TUTO and frankly, I admit that this is very interesting but I do not understand the configuration.
I downloaded the script BREACH on the same video on http://breachattack.com site.

So I’d like a little kindness on your part that you help me configuer the script or rather to explain to me how to make the configuration script BREACH I discovered on http://breachattack.com/ .

While the README file that I downloaded BREACH say

[b]### How to customize:
1. Edit your hosts file entry with your new target.
2. Edit in TargetIP` address SSLProxy.cs`. 3. Edit in KeySpaceBREACH Basic.cs to Reflect the target’s secret alphabet.
4. Edit in ` TargetURL BREACH Basic.cs. 5. Editcanary` to specify your bootstrapping sequence in ‘BREACH Basic.cs’.
6. Compile & Run.[/b]

However, I would understand the above requirements:

Number 3: (how to find and edit the ideal “keyspace” for the vulnerable site in question) ?
Number 5: (What is a “Canary” and how to specify it for it to match the vulnerable site) ?
Number 6: (Can I compile all of these files modified with VISUAL STUDIO before running) ?

Advance thank you kindly explain to me because it is unclear to me and I do not understand absolutely nothing?

Help me through a most appropriate explanation for these issues questions I just enumerate above. Please.

I’m sure you’ve heard this before in another incarnation, but you should probably first get a good understanding of the basics before using these kind of tools and attacks. We cannot teach you all that you seem to need in a simple reply.

keep in mind, some admins are getting smart and they aren’t keeping sensitive info on the site servers anymore. (I believe this will become best practice soon than later)

Basically, they are keeping the encrypted data on a cloud server.

However, that’s most likely less than 0.5% websites out there. It’s a very new practice

Once it becomes a regular thing, you will now have to find a way to get the keys to decrypt the stuff from their cloud servers. (It’s virtually impossible to hack into some of these upcoming cloud services without a team. So, you will also need to find a way to hack the sites admin accounts and hope the username and passwords are on their e-mail.)

say what?

Depending on what sensitive records the hacker is looking for, is depending on what info is stored where. I know of a few hospitals that store their patient info on cloud services. The only thing these hospitals store on their on servers is employee data, incoming and outgoing meds, and things like that.
So if the hacker was looking for patient files. They wouldn’t need to find a way to hack into the cloud service and decrypt the info. (Some of the cloud services encrypts and de-crypts the data with AES 256 from the client side. That away if a hacker did break into the cloud service and get their hands on the data, it would take them 10,000 to break the encryption. However, the hacker can use whatever access the admin uses in order to get the data.

I haven’t played around with these systems, so I don’t know the ends and outs of it.)

Also, using cloud as a general term. There is a lot of companies that uses paypal so they don’t have to store and manage people’s secure info. So hacking those companies are somewhat pointless if you want the payment info.

It must be me, but I don’t see any relevance to anything you’ve said.

To configure a script BREACH found on http://breachattack.com/ that extracts data on vulnerable HTTPS, I read the README that tell how to customize:

[b] ### How to customize:
1. Edit your hosts file entry with your new target.
2. Edit in TargetIP` address SSLProxy.cs`. 3. Edit in KeySpaceBREACH Basic.cs to Reflect the target’s secret alphabet.
4. Edit in ` TargetURL BREACH Basic.cs. 5. Editcanary` to specify your bootstrapping sequence in ‘BREACH Basic.cs’.
6. Compile & Run.
[/b]

But frankly, I admit that there I absolutely understand any of it; So help me understand the above configuration:

Number 3: What is a KEYSPACE and how to know the KEYSPACE for the site or vulnerable to attack ?

Number 5: What is a CANARY and how to know what is the ideal CANARY that identifies the site or vulnerable to attack ?

Thank you in advance.

@maybb229 dude @dloser said you need to learn the basics this means learning how and why each tool does what it does so you can apply it better what level are you at in coding and web dev how much do you know and understand about what you want to do. remember knowing is not necessarily understanding… go learn if you get stuck google it or ask for advice…

I don’t know if he really know what “ learning ” & “ searching by yourself ” is