def testBreachNoCompress2(self):
    """Check that nocompress defeats BREACH on the more complex example.

    Runs the Breacher oracle against `/safe_canary2`, the case with a
    more precise rule, and expects that nothing is recovered.
    """
    breacher = Breacher('A', 'Z')
    target_url = self.resolveURL('/safe_canary2?test=CanaryCrazyFun:', 'https')
    # 50 and 5 are presumably the attempt budget and the secret length
    # (testBreach3 describes them that way) -- confirm against Breacher.go.
    recovered = breacher.go(target_url, 50, 5)
    # An empty result shows this oracle failed within its budget; it is a
    # regression check, not proof that no compression side channel remains.
    self.assertEqual(recovered, '')
def testBreachNoCompress3(self):
    """Check that enabling the feature defeats BREACH on a 5 character secret.

    Runs the Breacher oracle with the characters '1' and '2' against
    `/safe_canary3` and expects that nothing is recovered.
    """
    breacher = Breacher('1', '2')
    target_url = self.resolveURL('/safe_canary3?test=CanaryCrazyFun:', 'https')
    # NOTE(review): 200 is passed here, while the vulnerable counterpart
    # testBreach3 passes 50. Presumably this is a larger attempt budget so
    # the negative check is stricter -- confirm against Breacher.go.
    recovered = breacher.go(target_url, 200, 5)
    # Nothing recovered means the protected endpoint held for this budget.
    self.assertEqual(recovered, '')
def testBreachNoCompress2Repeated(self):
    """Check that nocompress still holds when secret and canary repeat.

    Same scenario as the more complex, more precise rule case, but against
    `/safe_canary2_repeated`, where the secret and the canary appear
    multiple times. Nothing should be recovered.
    """
    breacher = Breacher('A', 'Z')
    target_url = self.resolveURL(
        '/safe_canary2_repeated?test=CanaryCrazyFun:', 'https')
    # 50 and 5 are presumably the attempt budget and the secret length --
    # confirm against Breacher.go.
    recovered = breacher.go(target_url, 50, 5)
    # Repetition must not reopen the leak: the expected result is empty.
    self.assertEqual(recovered, '')
def testBreach2Repeated(self):
    """Confirm BREACH is detected on the complex example with a repeated canary.

    Positive control: `/canary2_repeated` is expected to leak, so the
    oracle must recover the full value 'AZAZA'.
    """
    breacher = Breacher('A', 'Z')
    target_url = self.resolveURL(
        '/canary2_repeated?test=CanaryCrazyFun:', 'https')
    # 50 and 5 are presumably the attempt budget and the secret length --
    # confirm against Breacher.go.
    recovered = breacher.go(target_url, 50, 5)
    # If this stops recovering the secret, the harness has lost its signal
    # and the "not vulnerable" tests no longer demonstrate anything.
    self.assertEqual(recovered, 'AZAZA')
def testBreachNoCompress(self):
    """Check that a protected endpoint does not leak under BREACH.

    Runs the Breacher oracle against `/safe_canary` and expects that
    nothing is recovered.
    """
    breacher = Breacher('A', 'Z')
    target_url = self.resolveURL('/safe_canary?test=CanaryCrazyFun:', 'https')
    # 50 and 5 are presumably the attempt budget and the secret length --
    # confirm against Breacher.go.
    recovered = breacher.go(target_url, 50, 5)
    # An empty result only shows this oracle failed within its budget; pair
    # it with the positive control testBreach when reading results.
    self.assertEqual(recovered, '')
def testBreachBadRule(self):
    """Confirm an unrelated rule leaves the endpoint vulnerable to BREACH.

    `/bad_rule_canary` has a rule that is unrelated, so the oracle is
    expected to recover the full value 'AZAZA'. This documents that a
    rule which is unrelated gives no protection.
    """
    breacher = Breacher('A', 'Z')
    target_url = self.resolveURL(
        '/bad_rule_canary?test=CanaryCrazyFun:', 'https')
    # 50 and 5 are presumably the attempt budget and the secret length --
    # confirm against Breacher.go.
    recovered = breacher.go(target_url, 50, 5)
    self.assertEqual(recovered, 'AZAZA')
def testBreach3(self):
    """Confirm BREACH recovers a 5 character secret in 50 attempts.

    Positive control for the '1'/'2' case: `/canary3` is expected to leak,
    so the oracle must recover '11221'.
    """
    breacher = Breacher('1', '2')
    target_url = self.resolveURL('/canary3?test=CanaryCrazyFun:', 'https')
    # 50 attempts, 5 characters, per the summary above.
    recovered = breacher.go(target_url, 50, 5)
    self.assertEqual(recovered, '11221')
def testBreach(self):
    """Confirm the baseline endpoint is vulnerable to BREACH.

    Positive control: `/canary` is expected to leak, so the oracle must
    recover 'AZAZA'.
    """
    breacher = Breacher('A', 'Z')
    target_url = self.resolveURL('/canary?test=CanaryCrazyFun:', 'https')
    # 50 and 5 are presumably the attempt budget and the secret length --
    # confirm against Breacher.go.
    recovered = breacher.go(target_url, 50, 5)
    # If this stops recovering the secret, the "not vulnerable" tests in
    # this suite no longer demonstrate that the mitigation is what helps.
    self.assertEqual(recovered, 'AZAZA')
def testBreachDeployment(self):
    """Check that we are not vulnerable to BREACH with the deployment key.

    Runs the Breacher oracle with the characters '1' and '2' against
    `/canary2` using the `KEY=KEY:` query prefix and expects that nothing
    is recovered.
    """
    breacher = Breacher('1', '2')
    target_url = self.resolveURL('/canary2?KEY=KEY:', 'https')
    # 50 and 5 are presumably the attempt budget and the secret length --
    # confirm against Breacher.go.
    recovered = breacher.go(target_url, 50, 5)
    # NOTE(review): what protects the deployment key is not visible in this
    # test; the assertion only records that nothing was recovered.
    self.assertEqual(recovered, '')