Deducing search queries from encrypted network traffic

Abstract

User data is has become more valuable than ever before. Companies are interested for the purpose of targeted advertisements and attackers are looking for information to perform social engineering attacks. HTTPS was introduced to encrypt and secure website visits and make it impossible for attackers to eavesdrop on the contents of the communication. But, HTTPS does not encrypt everything and information does still leak. This theses presents a novel approach called ESQABE which uses this in- formation in order to determine what a victim is searching for using a search engine. This is done by combining several different pieces of information as for example the length of packets and the websites visited afterwards. ESQABE is evaluated by automated tests and could correctly predict the search query in more than 32% of the cases. In more than 41% it even appeared in a list of three suggestions made. In order to protect the user, a browser extension was created which effectively hides the search query.