Do You Know BREACH Tool to Extract Secret Data (Session Identifiers, CSRF Tokens, OAuth Tokens, Email Addresses, ...) ?
Do you know BREACH tool to extract secret data (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) on an HTTPS (SSL)?
This tool (Breach), which was presented at the "BLACK HAT USA 2013" conference by three researchers in Information Security including: Angelo Prado, Neal Harris & Yoel Gluck (https://www.youtube.com/watch?v=CoNKarq1IYA) who explained and demonstrated how to use BREACH through the Youtube video.
Someone can better explain myself through another tutorial video how to use very well BREACH tool because frankly I can not at all understand the demonstration of its three creators even after watching their video demontration https: //www.youtube.com/watch?v=CoNKarq1IYA several times ??!
Tell me in detail how to walk BREACH through another tutorial video because I do not understand ??!
Thank you in advance