Computers, Life..

Voracle - Compression Oracle attacks on VPNs

I’ve been tinkering with opensource VPNs for a while and had this idea around using the CRIME style compression oracle attacks on VPN’s packet compressions as well. This is an extension of my earlier research on predicting how CRIME could affect SPDY

The OpenVPN team has written an excellent article on this attack here

Resources

Slides

Proton VPN Blog

There were a few VPN providers who wrote about this and how they mitigated this attack.

Make sure you turn off compression on your OpenVPN clients and servers