Skip to main content

SSL BREACH Vulnerability?

The BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) attack is a specific vulnerability targeting HTTP responses compressed using gzip or DEFLATE and encrypted via SSL/TLS.

Fixing an SSL BREACH vulnerability requires a combination of measures since there isn't a one-size-fits-all patch or simple configuration setting to address it. Here's a comprehensive guide:

How to Fix an SSL BREACH Vulnerability:

1. Disable HTTP Compression

The simplest and most direct way to prevent BREACH is to disable HTTP compression, but this might not be feasible for all sites due to performance reasons.

  • For Apache:
SetEnv no-gzip 1 

  • For Nginx:
gzip off;

2. Separate Secrets from User Input

BREACH exploits compression ratios to infer secrets in the response. By ensuring secrets aren't in the same response as user-controlled input, you reduce the risk.

3. Randomize Secrets per Request

For every client request, use a different secret token. This makes it hard for an attacker to guess the secret based on the size of the response, as each response would be different due to the random secret.

4. Mask Secrets (Token Masking)

Instead of sending the real token to the client, send a masked version of the token. On the server side, unmask the token to get its real value. This ensures that the token value present in the HTTP response body is not the same as the real token, which hinders the BREACH attack.

5. Length Hiding

By adding a random number of bytes to every response, you can make it harder for attackers to determine the exact length of the compressed content, thus hindering their ability to derive the secret.

6. Rate Limiting

You can limit or delay repeated requests to your server from the same IP address. BREACH requires multiple requests to be effective. By limiting the request rate, you can mitigate the risk of an attack.

7. Use HTTPS Everywhere

Ensure all your content, including resources like CSS, images, and JavaScript, is loaded over HTTPS. This reduces the avenues available for attackers to inject malicious content into a page.

8. Monitor and Alert

Regularly monitor the size of HTTP responses. If you notice a pattern or a suspiciously large number of requests coming from a single IP or range, that might be an indicator of an ongoing BREACH attack.

9. Stay Updated

Stay informed about updates from your software vendors. New techniques and defenses against BREACH and similar vulnerabilities emerge over time.

Conclusion

BREACH is a potent vulnerability that exploits the very nature of HTTP compression combined with SSL/TLS encryption. While there isn't a silver bullet solution, combining multiple defensive techniques can help protect your applications and data. Always ensure you're following best practices for web security and remain vigilant against new and evolving threats.

No Comments
Back to top