How HTTP Compression Leaks Sessions and JWT - CRIME Explained and how HPACK in HTTP/2 fixes this
The Backend Engineering Show with Hussein Nasser - A podcast by Hussein Nasser
Categories:
In this video we will explore one of the most popular side attacks CRIME Compression Ratio Info-leak Made Easy) and the different ways to mitigate this. Intro 0:00 * HTTP/1.1 SPDY header compression 4:00* TLS compression * Response body attackers can’t inject 13:00 * Mitigations 14:10 * HPACK/QPACK * TLS Padding