Compression Oracle Attacks on VPN Networks

Conference:  BlackHat USA 2018

The presentation discusses the vulnerability of TLS compression and how attackers can conduct compression oracle attacks to steal sensitive information such as session IDs. The speaker provides a demo of the attack and emphasizes the importance of avoiding compressing and encrypting data together.
  • TLS compression is vulnerable to compression oracle attacks
  • Attackers can inject malicious code to steal sensitive information such as session IDs
  • Browsers have ambient authority which allows cookies to be sent regardless of where the request is sent from
  • HTTP responses can also be attacked
  • The speaker provides a demo of the attack using OpenVPN and a web app
  • Compression and encryption should not be used together
The speaker demonstrates the attack by using a VPN user accessing a corporate website over HTTP. The attacker injects malicious code and sends cross-domain requests to conduct compression oracle attacks on the user's requests and responses. The attacker is able to steal the session ID from the user's cookies. The speaker emphasizes the importance of avoiding compressing and encrypting data together to prevent such attacks.
Security researchers have carried out a good number of practical attacks in the past using chosen-plaintext attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was said about how this class of attacks applies to VPN networks. Compression oracle attacks are not limited to TLS-protected data. Regardless of the underlying encryption framework being used, these VPN networks offer a widely used feature usually known as TCP Compression, which acts much like the TLS compression feature of the pre-CRIME era.

In this talk, we try these attacks on browser requests and responses that tunnel their HTTP traffic through VPNs. We also explore the possibility of attacking ESP Compression and similar optimizations in any tunneled traffic that performs encryption. We also show a case study with a well-known VPN server and its plethora of clients.

We then go into practical defenses and how the mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward, rather than claiming 'Thou shall not compress traffic at all.' One of the things we would like to showcase is how impedance mismatches between these different layers of technology affect security and how they don't play well together.
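The following added example is not code from the talk; it models the leak the abstract describes and the HPACK-style remedy it points to. A VPN or TLS tunnel that runs the whole request through one DEFLATE context is compared with per-field compression, using a constructed request, constructed session ids and zlib as a stand-in for the tunnel's compressor; encryption is omitted because it preserves length and so contributes nothing to the measurement.

```python
import zlib

# Constructed sample values (not real session ids); the attacker-controlled
# parameter lands in the request line, the secret in the Cookie header.
SECRET_A = "7f3a9c2e4b1d8e6f"
SECRET_B = "0c5d1a9e7b2f6d43"
GUESS_HIT = "sessionid=7f3a9c2e4b1d8e6f"   # candidate equal to SECRET_A
GUESS_MISS = "sessionid=f6e8d1b4e2c9a3f7"  # same bytes, no matching substring


def request_fields(secret: str, attacker_param: str) -> list[str]:
    """HTTP request split into fields; only attacker_param is attacker chosen."""
    return [
        "GET /page?ref=" + attacker_param + " HTTP/1.1",
        "Host: intranet.example",
        "Cookie: sessionid=" + secret,
    ]


def compressed_len_shared(secret: str, attacker_param: str) -> int:
    """Model of TCP/TLS-style tunnel compression: the whole request goes through
    one DEFLATE context, so a back-reference can span from the attacker's bytes
    into the cookie. Encryption keeps length, so this number is what leaks."""
    data = "\r\n".join(request_fields(secret, attacker_param)) + "\r\n\r\n"
    return len(zlib.compress(data.encode(), 9))


def compressed_len_per_field(secret: str, attacker_param: str) -> int:
    """Model of the HPACK approach: each field is coded in its own context
    (zlib per field stands in for HPACK's per-string Huffman coding), so no
    match can cross from attacker data into the secret."""
    return sum(len(zlib.compress(f.encode(), 9))
               for f in request_fields(secret, attacker_param))


def length_depends_on_secret(size_fn, guess_a: str, guess_b: str) -> bool:
    """Oracle check: does the size difference between two attacker inputs change
    with the secret? If it does, ciphertext sizes leak information about it."""
    def delta(secret: str) -> int:
        return size_fn(secret, guess_b) - size_fn(secret, guess_a)
    return delta(SECRET_A) != delta(SECRET_B)


if __name__ == "__main__":
    for name, fn in (("shared context", compressed_len_shared),
                     ("per-field context", compressed_len_per_field)):
        hit, miss = fn(SECRET_A, GUESS_HIT), fn(SECRET_A, GUESS_MISS)
        print(f"{name}: hit={hit} bytes, miss={miss} bytes, "
              f"oracle={length_depends_on_secret(fn, GUESS_HIT, GUESS_MISS)}")
```

With the shared context the matching candidate compresses noticeably smaller than the non-matching one, which is the signal a compression oracle relies on; with per-field contexts the size difference between the two candidates is the same whatever the secret is.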