Bicycle attack


An HTTPS Bicycle Attack is a method of discovering the length of a password from packets encrypted with the TLS/SSL protocols.
In preparation for a bicycle attack, the attacker must load the target page to compute the sizes of the headers in the request that a given web browser makes to the server. Once the attacker has intercepted a victim's request and fingerprinted the browser that sent it, the length of the password can be deduced by subtracting the known header lengths from the total length of the request.
The term was first coined on December 30, 2015 by Guido Vranken, who wrote:
The bicycle attack makes brute-forcing of passwords much easier, because only passwords of the known length need to be tested. It demonstrates that TLS-encrypted HTTP traffic does not completely obscure the exact size of its content.
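
The length arithmetic described above, as an added example that is not part of the original article: a constructed login request (hypothetical host, headers and field names) is modelled as a single TLS 1.2 AES-GCM record, whose size is the plaintext size plus a constant. It goes one step beyond the text by also padding the request body to a fixed size, an assumed mitigation the article does not discuss, to show the length signal disappearing.

```python
# Added illustration: host, headers, field names and sample values are constructed.
from urllib.parse import urlencode

# One TLS 1.2 AES-GCM record: 5-byte header + 8-byte explicit nonce + 16-byte tag.
# The ciphertext itself is exactly as long as the plaintext.
AEAD_OVERHEAD = 5 + 8 + 16

HEADERS = (  # request head assumed identical for every login from this browser
    "POST /login HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
)

def build_request(user, password, pad_to=None):
    """Serialize a login POST; optionally pad the body to a fixed size."""
    body = urlencode({"user": user, "password": password})
    if pad_to is not None:
        filler = pad_to - len(body) - len("&pad=")
        if filler < 0:
            raise ValueError("body exceeds the padding bucket")
        body += "&pad=" + "x" * filler
    head = HEADERS + f"Content-Length: {len(body)}\r\n\r\n"
    return (head + body).encode("ascii")

def record_length(plaintext):
    """Size on the wire: plaintext length plus a constant, so length leaks."""
    return len(plaintext) + AEAD_OVERHEAD

def inferred_password_length(observed, user):
    """Subtract the size of the same request with an empty password field.
    Valid while the Content-Length digit count is unchanged and the password
    needs no percent-encoding (true for the sample values below)."""
    return observed - record_length(build_request(user, ""))

if __name__ == "__main__":
    for pw in ("abc", "hunter22", "a-much-longer-passphrase"):
        plain = record_length(build_request("alice", pw))
        padded = record_length(build_request("alice", pw, pad_to=128))
        print(len(pw), inferred_password_length(plain, "alice"), padded)
```

Without padding the second column reproduces the password length; with padding the third column is the same for every password.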