Is history sniffing possible?

@PacopagApr 30.2012

Hi. I actually have a legit white-hat application for history sniffing, but according to what I’ve been reading, it’s pretty much impossible with modern browsers. Have there been any recent developments?

to post a comment

JavaScript

@PadonakApr 30.2012 — #hacking is no good, repent you sinner

@Logic_AliApr 30.2012 — #Have there been any recent developments?[/quote]
Indeed there have, meaning that the flaws that used to allow it have largely been fixed.

@rnd_meApr 30.2012 — #you can use img tags to ping remote sites. using a known new site as a baseline, you can compare ping times for different sites. it's not 100%, but already-visited sites reliably ping faster than novel sites owing to dns caching.

say you ping 5 sites and get timings like this

[CODE]timings={
 google:  60,
 yahoo: 220,
 msn:   88,
 aol:    55,
 ask:  192
 };
 
 
 function obVals(ob) {
 var r = [], i = 0;
 for (var z in ob) { if (ob.hasOwnProperty(z)) {
 r[i++] = ob[z];
 }}
 return r;
 }
 
 
 //find avg ping time:
 var avg=obVals(timings).reduce(function(a, b) {return a + b;}) / obVals(timings).length
 
 //make a visited site bucket:
 var visited=[];
 
 //collect visited site names here:
 for(var i in o){
 if(o[i]<avg){visited.push(i);}
 }
 
 
 //show the faster than avg sites:
 alert("Visited Sites :nn"+visited.join("n"));
 
 [/CODE]

as far as specific pages go, afaik, any leftover history leaks have dried up...

@tiko_historyMay 06.2012 — #you can use img tags to ping remote sites. using a known new site as a baseline, you can compare ping times for different sites. it's not 100%, but already-visited sites reliably ping faster than novel sites owing to dns caching.

say you ping 5 sites and get timings like this

[CODE]timings={
 google:  60,
 yahoo: 220,
 msn:   88,
 aol:    55,
 ask:  192
 };
 
 
 function obVals(ob) {
 var r = [], i = 0;
 for (var z in ob) { if (ob.hasOwnProperty(z)) {
 r[i++] = ob[z];
 }}
 return r;
 }
 
 
 //find avg ping time:
 var avg=obVals(timings).reduce(function(a, b) {return a + b;}) / obVals(timings).length
 
 //make a visited site bucket:
 var visited=[];
 
 //collect visited site names here:
 for(var i in o){
 if(o[i]<avg){visited.push(i);}
 }
 
 
 //show the faster than avg sites:
 alert("Visited Sites :nn"+visited.join("n"));
 
 [/CODE]

as far as specific pages go, afaik, any leftover history leaks have dried up...[/QUOTE]
Thanks you , it is helpful information .

Is history sniffing possible?

4 Comments(s) _↴

Also in #JavaScript _↴

Success!

Social

Version

Is history sniffing possible?

4 Comments(s) ↴

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

4 Comments(s) _↴

Also in #JavaScript _↴