### [CVE-2012-4929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

### POC

#### Reference
- http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
- http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
- http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
- http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
- http://www.ubuntu.com/usn/USN-1898-1
- https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
- https://github.com/mpgn/CRIME-poc
- https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212

#### Github
- https://github.com/84KaliPleXon3/a2sv
- https://github.com/AKApul/03-sysadmin-09-security
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/Czech-BA/BankiD
- https://github.com/DeepKariaX/CipherAsh-SSL-Scanner
- https://github.com/F4RM0X/script_a2sv
- https://github.com/Fl4gu1z0wsky/CEH
- https://github.com/H4CK3RT3CH/a2sv
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/Liber-Primus/ARC_Vulnerability_Scanner
- https://github.com/MrE-Fog/a2sv
- https://github.com/Mre11i0t/a2sv
- https://github.com/PS-RANASINGHE/Crypto-Ex---7
- https://github.com/Pytools786/website-vulnerability-scanner-
- https://github.com/SECURED-FP7/secured-psa-reencrypt
- https://github.com/Sailakshmangoud/Web-Application-Vulnerability-Scanner
- https://github.com/TheRipperJhon/a2sv
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/WiktorMysz/devops-netology
- https://github.com/a-s-aromal/ARC_Vulnerability_Scanner
- https://github.com/addisonburkett/cve_query_module
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/alexoslabs/HTTPSScan
- https://github.com/anthophilee/A2SV--SSL-VUL-Scan
- https://github.com/bysart/devops-netology
- https://github.com/clic-kbait/A2SV--SSL-VUL-Scan
- https://github.com/clino-mania/A2SV--SSL-VUL-Scan
- https://github.com/coldorb0/SSL-Scanner
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/elptakeover/action
- https://github.com/emarexteam/Projes
- https://github.com/emarexteam/WebsiteScannerVulnerability
- https://github.com/fireorb/SSL-Scanner
- https://github.com/fireorb/sslscanner
- https://github.com/geon071/netolofy_12
- https://github.com/hahwul/a2sv
- https://github.com/halencarjunior/HTTPSScan-PYTHON
- https://github.com/hashbrown1013/Spaghetti
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/jselvi/docker-crime
- https://github.com/lithekevin/Threat-TLS
- https://github.com/mohitrex7/Wap-Recon
- https://github.com/mpgn/CRIME-poc
- https://github.com/nikolay480/devops-netology
- https://github.com/nkiselyov/devops-netology
- https://github.com/paroteen/SecurEagle
- https://github.com/pashicop/3.9_1
- https://github.com/radii/zlib-cli
- https://github.com/shenril/Sitadel
- https://github.com/stanmay77/security
- https://github.com/tag888/tag123
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/waseemasmaeel/A2sv_Tools
- https://github.com/yellownine/netology-DevOps
- https://github.com/yurkao/python-ssl-deprecated