The latest update is now more capable and can exploit encryption such as AES.
The attack assumes that a target website uses HTTPS and compresses the response in plaintext.
This code can issue adaptive requests to the target service.
Our injector injects the client code in all unauthenticated HTTP responses that the victim receives.
Instead of stealing the users CSRF token, we can, therefore, steal one of these private messages.
It is the introduction of Rupture that speeds up the attack.
By using first-party cookies, the attacks could be eliminated.
source: www.techworm.net
