Hacking News

Published on February 21st, 2017

HEIST Attack On HTTPS Websites Can Steal Your Private Data

Two security researchers, Mathy Vanhoef and Tom Van Goethem, presented their findings at the Black Hat conference this week. HEIST stands for "HTTP Encrypted Information can be Stolen through TCP-Windows".

“Compression-based attacks such as CRIME and BREACH can now be performed purely in the browser, by any malicious website or script, without requiring network access,” the researchers said in the paper.

“If we know that HTTP/2 is used, we can let the browser simultaneously request the targeted resource, and another resource that contains reflected content,” Vanhoef and Van Goethem wrote in a research paper. “Since HTTP/2 is used, both requests are sent in parallel to the server, and the server replies to them in parallel as well.”

How does this attack work?

HEIST builds on two earlier attacks, BREACH and CRIME, to decrypt transmitted data without the attacker having to hold a man-in-the-middle (MITM) position on the network. When a visitor browses a compromised website, the malicious code runs silently in the background. HEIST works with both the older HTTP/1.x and the newer HTTP/2 protocols.

According to Ars,

Van Goethem and fellow researcher Mathy Vanhoef have already disclosed their findings to researchers at both Google and Microsoft. That means Wednesday’s demonstration isn’t likely to catch them by surprise. Still, when asked how possible the attack is against Gmail, Bank of America, and other real-world sites, Van Goethem gave the following answer:


If I would take my time, and write exploits for a number of websites, then visiting a malicious site (it even doesn’t have to be a malicious one, there could also happen to be a malicious JavaScript file on there; there are numerous possibilities for that to happen), could cause a lot of havoc. Probably the most damage could be dealt out by exploiting BREACH, as it allows the attacker to read out CSRF tokens. Depending on the functionality offered by the website, it could be that by knowing the CSRF token the attacker could simply take over the complete account of the victim. I haven’t inspected the requests and responses of every website in detail, but as a user one should expect the worst. An attacker only has to find a single endpoint that contains a secret token and reflects part of the request in the response to extract this token. As I mentioned, knowing this token is typically enough to compromise the user’s account.

How To Protect Yourself?

  1. Disable third-party cookies.
  2. With third-party cookies disabled, the fetch() call HEIST issues from the malicious page can no longer authenticate to the targeted website, so the responses it measures carry no secrets tied to the victim's session.
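The size leak that BREACH-style attacks (and therefore HEIST) depend on is that DEFLATE shrinks a response more when the reflected input shares bytes with a secret in the same body. The following Python script is an added example, not code from the original article or from the researchers: it builds a sample page with a constructed CSRF token, shows that the compressed size is a reliable oracle for whether the reflected string matches the token, and shows that per-response token masking (the server-side countermeasure Django and Rails adopted after BREACH) removes that signal. The page template, the token value, the `leaks_secret` threshold and all function names are assumptions made for this example.

```python
import secrets
import zlib
from typing import Callable, Optional

# Constructed sample secret: a 32-byte CSRF token rendered as 64 hex characters.
TOKEN = "3f9a1c7e5b2d8046e1a9c3b7d5f20e68a4c07b19d3e5f862b0c41d7e9a3f5c21"
# Constructed control string of the same length and alphabet that shares no
# meaningful substring with the token.
UNRELATED = "9e21d7c4a8b3f065c1e9d2a7b4f8036e5d1c9a2b7e4f80c3d6a1b5e9f2c7d048"


def compressed_len(body: bytes) -> int:
    """Size of the body after DEFLATE, the transform gzip/deflate Content-Encoding
    applies on the wire; this length is what a size side-channel observes."""
    return len(zlib.compress(body, 9))


def render_page(reflected: str, csrf_token: str) -> bytes:
    """Constructed sample template: it reflects a query parameter verbatim and
    embeds the CSRF token in a form, the combination BREACH/HEIST need."""
    return (
        "<html><body>"
        f"<p>Results for: {reflected}</p>"
        f'<form method="post"><input type="hidden" name="csrf" value="{csrf_token}">'
        "</form></body></html>"
    ).encode()


def mask_token(token_hex: str, pad: Optional[bytes] = None) -> str:
    """Per-response masking: emit pad || (pad XOR token) with a fresh random pad
    for every response, so the literal token bytes never appear in the body and
    two responses for the same session do not even share the masked bytes.
    A fixed pad may be passed only to make tests deterministic."""
    raw = bytes.fromhex(token_hex)
    pad = secrets.token_bytes(len(raw)) if pad is None else pad
    masked = bytes(p ^ t for p, t in zip(pad, raw))
    return (pad + masked).hex()


def unmask_token(masked_hex: str) -> str:
    """Server side: recover the real token from a submitted masked form value
    before comparing it with the session's token."""
    raw = bytes.fromhex(masked_hex)
    half = len(raw) // 2
    pad, masked = raw[:half], raw[half:]
    return bytes(p ^ m for p, m in zip(pad, masked)).hex()


def render_masked_page(reflected: str, csrf_token: str, pad: Optional[bytes] = None) -> bytes:
    """Same template, but the form carries the masked token instead of the secret."""
    return render_page(reflected, mask_token(csrf_token, pad))


def leaks_secret(render: Callable[[str, str], bytes], token: str,
                 unrelated: str = UNRELATED, threshold: int = 16) -> bool:
    """Self-test a defender can run against a template: if reflecting the secret
    itself makes the compressed response markedly smaller than reflecting an
    unrelated string of the same length, DEFLATE is back-referencing the secret,
    and the response size will act as an oracle for whatever is reflected."""
    with_secret = compressed_len(render(f'value="{token}', token))
    with_control = compressed_len(render(f'value="{unrelated}', token))
    return with_control - with_secret >= threshold


if __name__ == "__main__":
    print("plain template leaks token via size:", leaks_secret(render_page, TOKEN))
    print("masked template leaks token via size:", leaks_secret(render_masked_page, TOKEN))
    print("masked value round-trips on the server:", unmask_token(mask_token(TOKEN)) == TOKEN)
```

Run as a script, the plain template reports a leak and the masked one does not. Masking only helps if the server unmasks the submitted value (as `unmask_token` does) and never renders the raw token into a compressed response; an equally valid alternative is to disable compression on any response that reflects request data next to a secret.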

