CRIMEs against TLS
Exploit a protocol that compresses data before encrypting it
This one took me about 3 minutes to run on my machine. Depending on your network speed it shouldn't take much longer than that. I'd definitely suggest some debug output to ensure that your program is making progress recovering the cookie and not hanging somewhere.
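Why a compress-then-encrypt endpoint leaks through length alone, as an added local example that is not the challenge's code and not from the original post. The cookie value, host name, request layout and 16-byte tag overhead are constructed assumptions; nothing here contacts the oracle. With compression off, the signal disappears.

```python
import zlib

# Constructed sample secret; the challenge's real cookie is not on the page.
SECRET_COOKIE = "cookie=qwertyuiopasdfgh"

# Assumed constant overhead of a length-preserving AEAD (e.g. a 16-byte tag).
# Encryption hides content but not length, so length is all we model.
TAG_LEN = 16

# Two caller-controlled paths of equal length: one repeats the secret,
# the other shares only the "cookie=" prefix.
MATCH_PATH = "cookie=qwertyuiopasdfgh"
MISS_PATH = "cookie=mnbvcxzlkjhgfdsa"


def build_request(path: str) -> bytes:
    """Hypothetical request: caller-chosen path and secret cookie in one buffer."""
    return (
        f"GET /{path} HTTP/1.1\r\n"
        f"Host: example.test\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode()


def wire_length(path: str, compress: bool) -> int:
    """Bytes an on-path observer would count for this request."""
    body = build_request(path)
    if compress:
        # DEFLATE replaces the repeated cookie with a short back-reference
        # when the path already contains the same bytes.
        body = zlib.compress(body, 9)
    return len(body) + TAG_LEN


def leak_signal(match_path: str, miss_path: str, compress: bool) -> int:
    """Length difference between a non-matching and a matching path."""
    return wire_length(miss_path, compress) - wire_length(match_path, compress)


if __name__ == "__main__":
    for compress in (True, False):
        print(
            f"compression={'on' if compress else 'off':3}  "
            f"match={wire_length(MATCH_PATH, compress)}  "
            f"miss={wire_length(MISS_PATH, compress)}  "
            f"signal={leak_signal(MATCH_PATH, MISS_PATH, compress)}"
        )
```

A positive signal with compression on and zero with it off is the reason TLS-level compression was disabled as the fix for CRIME.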
I'm getting 404 when trying to request below
Am I missing something?
Note that the hint states:
The cookie is all lowercase letters
I think we set the oracle up so that the endpoint won't even compute the compressed size if there are digits in the last part of the URL; it will simply 404. You should only have to use the characters
=. In other words your query to the oracle should match the regex
Example valid URL - https://id0-rsa.pub/problem/crime-oracle/some=string
Got it @anton, & thanks for putting this together!
Well, the message I'm getting is 500 Server is FUBAR
Anton, do you still exist?
https://id0-rsa.pub/problem/crime-oracle/abcdefgh -> error 500
https://id0-rsa.pub/problem/crime-oracle/cookie=abcdefgh -> error 500
Your example: https://id0-rsa.pub/problem/crime-oracle/some=string -> error 500