I am not understanding CRIME attack completealy..
First an attacker runs a script to caputure the encrypted cookies later using the captured value an attacker try to bruteforce the next cookie value.All the encryped cookies have the same length. In some papers I have read like there is compression before encryption in those papers also they have not clearly explained.I feel there is no point in compression after encryption,I am not able to picturize the actual CRIME attack.Can anyone of you explain clearly from step to step about CRIME attack or direct me to a good link?
