Serious yes, but I want to know if this POC would work on a site not hacked.
The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts.
So there has to be this network sniffer and a piece of 'stealthy' JavaScript; where does it come from? It would either have to be inserted into the site page (hacked) or an off-site loading/running of a script (cross-site scripting, XSS; again, a hacked site).
Well, I'm looking at what protection can be offered in the form of the web shield (good on hacked sites and inserted script tags, etc.) and things like the NoScript and RequestPolicy Firefox add-ons to prevent local or XSS scripts from running (unless of course you gave permission).
“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,”
So again, I don't see any mention in all of this of a system's local security software and how it plays out in this.
EDIT: incorrect formatting of quote.