Splicer's CSS History Checker

[splicer]

We all know BitTorrent trackers hate cheaters, and will go to many lengths to catch us and ban us. It seems some have adopted a new method; using CSS history leaks to see whether you have visited SB-I. Not cool. So, after a bit of snooping on the internet, I found a CSS history checker... but there were flaws, such as it checked whether the user had visited Google.com; but Google.com always changes domain depending on your country, so that checker was not the most accurate.

Hence, I created my own. Simply modifying the code (nothing special) and adding some instructions so that you can find how safe you are.

I present to you:

CSS History Checker

As you can see there are two tests to be carried out. Test 1 tells us whether sites within the same internet browser session can find out where you've been. Test 2 tells us if sites in futures sessions can find out where you've been in the past.

You can then adjust your settings accordingly so as not to be caught by this method!

[cheatos]

now i can confirm that css leak works ...

btw i could not respond to your PM cuz i'm not a full member yet...

[Dark Knight]

ThanX For Posting dude..

hmm after Performing Both Tests Successfully....I got negative Results...i.e.

Not Visited

* Wikipedia

so this means i m Safe From Css leaks , Currently Using FIreFoX 3.0.11.

Also is the Test made To Work Only with the Site "http://www.wikipedia.org/" ?

[splicer]

Also is the Test made To Work Only with the Site "http://www.wikipedia.org/" ?

At the moment, yes; I needed a large site which could handle a little extra data flow, and which would not redirect users to a specialised site. Google wouldn't have worked so well because if I had used "http://www.google.com" it would have most like redirected to a specialised site depending on your IP - Google.ca for Canadians. So the CSS check would have failed, making you think you were safe, when you might not be.

So I chose Wikipedia.org; this can be changed at anytime, and more sites can be added but ultimately they work all the same.

[SBfreak]

Not working for me....I am using SRware Iron.So If it worked somehow do I have to use this every time I visit SB-i like 100 times per day??


Anyway for protection I use SRware's Incognito mode.

[splicer]

Not working for me....I am using SRware Iron.So If it worked somehow do I have to use this every time I visit SB-i like 100 times per day??


Anyway for protection I use SRware's Incognito mode.

Like it says, more testing is needed; so far I've only tested Firefox with it, but today I plan to test it with more internet browsers.

The sitew which I borrowed he code from said it only worked with Firefox...
__________________________________________________ _

Also, the incognito mode is meant to be the private mode for Chrome/Iron, so it probably doesn't keep a history, so it wouldn't work.

You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window.

[anon]

Not working for me....I am using SRware Iron.So If it worked somehow do I have to use this every time I visit SB-i like 100 times per day??

I think it's just a checker. You'd need to disable history or use any other settings that make the test say you haven't visited Wikipedia even though you did.

The sitew which I borrowed he code from said it only worked with Firefox...

Mmm, that'd explain Wikipedia showing up as not visited even though I did click the link and have history enabled on Opera and IE. Will test it in Firefox when I get home.

[Hellboy]

Now i see how i got banned from X264.me.

[splicer]

Mmm, that'd explain Wikipedia showing up as not visited even though I did click the link and have history enabled on Opera and IE. Will test it in Firefox when I get home.

Okay then, I did some testing and these are the result:

Firefox: Works
Konqueror: Works
Opera: Doesn't work
Internet Explorer (7 and 8): Doesn't work (no surprises)
Safari: Works
Google Chrome: Works
SRWare Iron: Works

_____________________________________________

IE, both 7 and 8, give me this error:

Message: 'document.defaultView' is null or not an object
Line: 116
Char: 2
Code: 0
URI: http://csshistorychecker.webs.com/

Anyone got any ideas? I think this is also what is causing Opera to not work correctly with the CSS History Checker.

[anon]

I think this is also what is causing Opera to not work correctly with the CSS History Checker.

I don't have any CSS knowledge, but Opera has an error console - perhaps you can find more information there.

[shoulder]

Keep in mind this is not a "real" CSS Leak but a simple Javascript as it seems.

The attack using CSS works in every browser and doesn't need Java, Flash, ... .

Check here:

Sniffing Browser History with NO Javascript!

[splicer]

Agreed, but ultimately both methods are stopped in their tracks by the same thing; clearing your history and disabling your web browser from keeping a history.

[anon]

Confirmed, it works on Firefox 3.5. As already known, disabling history is enough to prevent the leak.

[splicer]

I don't have any CSS knowledge, but Opera has an error console - perhaps you can find more information there.

The error console didn't help, but the Java console brought up a whole bunch of things... too long for the sake of displaying on SB-I, but if anyone wants to have a look, it is attached to this post.

[anon]

Are you sure they're related to your checker? It doesn't use Java, right?

Edit: just enabled Java and refreshed the page, and the console is spammed with the same messages. Strange.