CRIME Attack
What is CRIME Attack?
A 2012 side-channel attack by Rizzo and Duong that recovers HTTPS session cookies by exploiting TLS-level compression and observing ciphertext lengths.
CRIME (Compression Ratio Info-leak Made Easy) was demonstrated at Ekoparty 2012 by Juliano Rizzo and Thai Duong. When TLS or SPDY compression is enabled, repeated bytes between attacker-injected content and a secret cookie shrink the compressed record. By observing the encrypted record length while iterating guess bytes from a hostile JavaScript context, the attacker recovers HTTP headers, including session cookies, character by character. The mitigation was immediate and structural: disable TLS-level compression. All modern browsers and TLS stacks (TLS 1.3 has no record-level compression) followed suit, and CRIME directly inspired the later BREACH attack against HTTP-body compression.
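The length side channel described above, and the effect of disabling compression, as an added Python simulation (not code from the original page or from Rizzo and Duong). The cookie value, the `example.test` host, the request layout and the helper names are constructed for illustration, and the record length is modelled as plaintext length plus a constant cipher overhead that is left out.

```python
import zlib

# Constructed sample values (not from the page): a 16-hex-digit session cookie
# and the alphabet its characters are drawn from.
SECRET = "d41c7e09b2f85a36"
ALPHABET = "0123456789abcdef"


def build_request(guess: str) -> bytes:
    """Attacker-influenced path plus the Cookie header the browser adds itself."""
    return (
        f"GET /?session={guess} HTTP/1.1\r\n"
        "Host: example.test\r\n"
        f"Cookie: session={SECRET}\r\n\r\n"
    ).encode("ascii")


def record_length(plaintext: bytes, tls_compression: bool) -> int:
    """Length an on-path observer sees, assuming the cipher only adds a
    constant overhead, so ciphertext length tracks plaintext length."""
    if not tls_compression:
        return len(plaintext)
    # Z_FIXED pins DEFLATE to its fixed Huffman table so the saving from one
    # extra matched byte is exactly one byte. This is a simplification chosen
    # to keep the demonstration deterministic.
    c = zlib.compressobj(level=9, strategy=zlib.Z_FIXED)
    return len(c.compress(plaintext) + c.flush())


def length_profile(tls_compression: bool) -> dict[str, int]:
    """Observed record length for each candidate first cookie character."""
    return {g: record_length(build_request(g), tls_compression) for g in ALPHABET}


def leaks(profile: dict[str, int]) -> bool:
    """True when the record length depends on the guess (the oracle exists)."""
    return len(set(profile.values())) > 1


if __name__ == "__main__":
    for enabled in (True, False):
        profile = length_profile(enabled)
        shortest = min(profile, key=profile.get)
        print(f"compression={enabled}: lengths={sorted(set(profile.values()))} "
              f"leaks={leaks(profile)} shortest_guess={shortest!r}")
```

With compression on, only the guess equal to the first cookie character produces the shorter record; with compression off, every guess produces the same length, which is why disabling TLS-level compression removes the oracle.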
● Examples
- 01: Stealing a session cookie from an authenticated HTTPS site by injecting requests from a controlled iframe.
- 02: Exploiting SPDY header compression to leak Authorization headers.
● Frequently asked questions
What is CRIME Attack?
A 2012 side-channel attack by Rizzo and Duong that recovers HTTPS session cookies by exploiting TLS-level compression and observing ciphertext lengths. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against CRIME Attack?
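Defences for CRIME Attack typically combine technical controls and operational practices. The core technical control, as detailed in the full definition above, is to disable TLS-level compression; TLS 1.3 has no record-level compression.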
What are other names for CRIME Attack?
Common alternative names include: CRIME, Compression Ratio Info-leak Made Easy.
● Related terms
- BREACH Attack (attacks, № 122): A 2013 side-channel attack that recovers HTTPS-protected secrets by exploiting HTTP-level compression and observing response sizes across attacker-influenced requests.
- TLS (Transport Layer Security) (network-security, № 1159): The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- Side-Channel Attack (vulnerabilities, № 1038): An attack that recovers secrets from a system by observing physical or implementation characteristics — timing, power, electromagnetic emissions, caches, acoustic signals — rather than logical flaws.
- Session Hijacking (attacks, № 1016): An attack that takes over a victim's authenticated session by stealing or forging the session identifier so the attacker can act as the user without their credentials.
- BEAST Attack (attacks, № 089): A 2011 chosen-plaintext attack on SSL 3.0 and TLS 1.0 CBC ciphers (CVE-2011-3389) by Rizzo and Duong that recovers HTTPS cookies via a predictable IV flaw.
● See also
- № 636 Lucky 13