VORACLE attack

VORACLE is a remix of the older BREACH and CRIME cryptographic attacks. It decrypts HTTP traffic sent through VPNs built on OpenVPN protocols. It takes advantage of the fact that OpenVPN’s default setting is to compress all data before encrypting it with TLS. If an attacker repeatedly adds plain text information into the data prior to compression and then recovers the passing traffic, they can measure the packet length and then compare it to brute-forced potential value. This could eventually allow them to obtain the session cookie or session data.

Since the VORACLE attack requires that the attacker be able to insert plain text information into the data before encryption and see the data after it has been encrypted, it often requires the attacker lure you to an HTTP site – either one under the attacker’s control or one where they can execute malicious code. Even then, using a Chromium-based browser (Chrome) can foil the attack since they split HTTP requests into multiple parts. Effectively, this makes the VORACLE attack hard to carry out in practice, although not impossible.