VORCLE – Recovering HTTP Data from VPN Connections Made Easy

Windows Articles

How to install Oracle Java 15 on Ubuntu 20.04 / 18.04?

Hello, friends. We know that Java is one of the most popular programming languages and now it's version 15. So in this...

How to run the Linux Tail command in Windows 10.

Hi! The title of this post may seem incongruous, but it's not. In fact, for some time Microsoft has approached positions with...

How to compress large videos in Windows 10

Hello, how are you? Multimedia resources are definitely used in any system. Indeed, we live in the age of technology. That's why...

How to get Google Opinion Rewards in any Country

Greetings! Google Opinion Rewards is a cool app, which will allow you to earn credit, to spend it on the Google Play...

How to change the hostname on Ubuntu?

This simple tutorial will teach you how to change the hostname on Ubuntu. The steps we will tell you here will work...

For protection, we all heard the name of VPN, right? VPN is a service that allows accessing the internet and leaving the lowest possible footprint of yourself, ensuring your privacy. However, a new method of attack can now recover HTTP traffic that you send through a secure (encrypted) VPN connection. Of course, under certain conditions, not in all cases!

The name of the attack is quite charming – VORACLE. The attack was discovered by security researcher Ahamed Nafeez. The finding about the attack was presented at the Black Hat and DEF CON security conferences.

What is VORACLE?

To be honest, VORACLE isn’t a brand new attack method. Instead, it’s a combo and variation of some already-existing older cryptographic attacks like BREACH, TIME and CRIME.

In the previous attacks, researchers discovered that data was recoverable from TLS-encrypted connections if the compression of data happened before encrypting. Fixes for those attacks were out in 2012 and 2013 and since then, HTTP connection was safe.

What Nafeez discovered that the theoretical points of those attacks are still valid in the case of some VPN traffic types. He pointed out that the VPN clients/services that compress the HTTP web traffic before the encryption as a part of the connection are still vulnerable to those older attacks.

VORACLE can decrypt HTTP traffic sent via VPNs

According to Nafeez, VORACLE still allows an attacker to decrypt the original content of the HTTP traffic that’s going through the VPN connection. He explains that the aim of this attack is to leak secrets like cookies, page with sensitive info etc.

Nafeez also pointed out that VORACLE only works against the VPN services/clients that use the OpenVPN protocol as their core. OpenVPN is open-source and uses a default setting – compressing all the data before encryption via TLS and later, sending it via the VPN tunnel. Thus, it satisfies the conditions of the old attacks – BREACH, TIME and CRIME.

VORACLE is preventable

Despite VORACLE is so dangerous, it is still preventable in a very simple way. For example, some VPN services/clients allow modifying this setting to switch to a non-OpenVPN protocol.

Second, when surfing the net, users can decide not to surf websites that only offer HTTP. Thus, by only browsing the HTTPS sites, even if the attacker gets their hand on the traffic, it won’t be understandable to them.

Third, the attack doesn’t seem to be working in the case of Chromium-based browsers that split the HTTP requests in multiple parts like header and body. It means that even if you access HTTP sites using Chrome and other Chrome-based browsers, you won’t be susceptible to VORACLE.

TunnelBear removed the compression support for its OpenVPN-based servers. Private Internet Access also confirmed that they disabled the pre-compression back in 2014.

Stay safe on the internet!

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

How to install Oracle Java 15 on Ubuntu 20.04 / 18.04?

Hello, friends. We know that Java is one of the most popular programming languages and now it's version 15. So in this...

How to run the Linux Tail command in Windows 10.

Hi! The title of this post may seem incongruous, but it's not. In fact, for some time Microsoft has approached positions with...

How to compress large videos in Windows 10

Hello, how are you? Multimedia resources are definitely used in any system. Indeed, we live in the age of technology. That's why...

How to get Google Opinion Rewards in any Country

Greetings! Google Opinion Rewards is a cool app, which will allow you to earn credit, to spend it on the Google Play...

How to change the hostname on Ubuntu?

This simple tutorial will teach you how to change the hostname on Ubuntu. The steps we will tell you here will work...
x