A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas (Presentation PDF Paper) by researchers Neal Harris and Angelo Prado. The attacker just has to continually eavesdrop on the encrypted traffic between a victim and a web server before and the exploit requires that a victim first access a malicious link, this can be done by embedding an iframe tag in a page the victim frequents.
Source: https://thehackernews.com/2013/08/sniffing-https-BREACH-exploit-blackhat-hacking-tool.html