## CRIMEs against TLS

### anton

Staff
Nov. 29, 2015, 2:21 a.m.

This one took me about 3 minutes to run on my machine. Depending on your network speed it shouldn't take much longer than that. I'd definitely suggest some debug output to ensure that your program is making progress recovering the cookie and not hanging somewhere.

### global4g

36 solved
March 12, 2016, 5:16 a.m.

I'm getting 404 when trying to request below

Am I missing something ?

### anton

Staff
March 12, 2016, 6:29 a.m.

Note that the hint states:

The cookie is all lowercase letters

I think we set the oracle up so that the endpoint won't even compute the compressed size if there are digits in the last part of the url, it will simply 404. You should only have to use the characters a-z and =. In other words your query to the oracle should match the regex https://id0-rsa.pub/problem/crime-oracle/[a-z=]*.

Example valid URL - https://id0-rsa.pub/problem/crime-oracle/some=string

### global4g

36 solved
March 12, 2016, 5:31 p.m.

Got it @anton, & thanks for putting this together!

38 solved
April 10, 2020, 4:57 a.m.

Well, the message I'm getting is 500 Server is FUBAR

https://id0-rsa.pub/problem/crime-oracle/abcdefgh -> error 500