View Full Version : Your history revealed
Stealing your history...
...without Javascript!
My previous demo of sniffing a user's history was pretty effective. However, a lot of people commented on it not working with NoScript, naturally. So, I set to work to create a version that does work even if you have NoScript enabled. If the previous version didn't shock you, this one ought to.
Sniffing Browser History with NO Javascript! (http://www.making-the-web.com/misc/sites-you-visit/nojs/)
The link I gave don't work anymore.
Here is an other:
What the Internet knows about you (http://whattheinternetknowsaboutyou.com/top20k)
But I don't now at this momment what kind of hole it uses.
Seems it uses both JS and CSS attacks, there's more info here:
http://whattheinternetknowsaboutyou.com/docs/details.html
So this isn't using any new "bug", therefore nothing to fear for. :tongue:
Seems it uses both JS and CSS attacks, there's more info here:
What the Internet knows about you (http://whattheinternetknowsaboutyou.com/docs/details.html)
I though so, without being entirely sure.
On one of my browser, I don't use noscript, but have only SafeHistory & SafeCache installed, and the site could not see any fragment of my history.
I like very much this question in the FAQ:
Q: I am a very popular conservative politician. Also, I do like visiting adult websites. Should I be concerned?
:biggrin:
On one of my browser, I don't use noscript, but have only SafeHistory & SafeCache installed, and the site could not see any fragment of my history.
I just did the JavaScript-based test and it could find five of my visited sites, even though I have disabled history in Opera... :confused:
Edit: happens on both v10 and v9.64.
Edit 2: after adding the code shoulder posted on his CSS leak tutorial to my Opera custom style sheet and forcing all pages to use it, I get:
Congratulations, we did not find anything in this category in your browser history.
Feel free to try our other browser history tests.
I remember Zorvak mentioned a "randomstring" attack I should still be vulnerable to, though.
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.