The attacker must also be able to sniff the victim’s HTTPS traffic. This can be done on open wireless networks; on local area networks (LANs), by using techniques such as ARP spoofing; or by gaining control of the victim’s home router through a vulnerability or default password. CRIME was tested successfully with Mozilla Firefox and Google Chrome.
Subscribe to Time to Hack
Get the latest posts delivered right to your inbox